Delegated Identity
Delegated Identity is the practice of granting a service or agent the ability to act on behalf of a user. Instead of the user providing their credentials, the service receives authorization to act as the user, using delegation tokens that are scoped and time-limited.
# WHAT TEAMS RUN INTO
- Delegation tokens can be stolen or misused. If a delegation token is compromised, the attacker can act as the user who delegated authority, and because delegation tokens are often long-lived and not re-verified on each use, the attacker can keep doing so for a long time.
- Delegated authority creates accountability gaps. When a service acts on behalf of a user, it is unclear whether the service or the user is responsible for the action. Audit logs might show the service, not the user who authorized it.
- Delegation scope is hard to limit. A user might grant a service the equivalent of "do what you need to do" without understanding what permissions that grants. Services often request broad delegation to avoid needing multiple tokens.
# WHY IT MATTERS
Delegated Identity is essential for modern application architecture: users cannot provide their passwords to every service they use. But delegation creates a separation between authorization and execution. The user authorizes an action, and a service executes it. That separation becomes a vulnerability if the delegation token is not protected or if the service itself is compromised.
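The following is an added example, not code from the original page or from any particular product, showing the three controls the entry calls for in working form: a delegation token that names both the delegating user (`sub`) and the acting service (`act`), carries an explicit scope list and a short expiry, is re-verified on every use rather than once at session start, and produces an audit record that names the user as well as the service. The token format (an HMAC-signed JSON envelope), the signing key, the user and service names and the scope strings are all constructed for illustration and are not a standard.

```python
# Added example (not from the glossary page): a minimal scoped, time-limited
# delegation token with per-use verification and an audit record that names
# both the delegating user and the acting service. The token format is a
# hypothetical HMAC-signed JSON envelope constructed for illustration only.
import hashlib
import hmac
import json
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed signing key shared by issuer and verifier (illustration only).
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_delegation(user: str, service: str, scopes: list, ttl_seconds: int, now: float = None) -> str:
    """Issue a token that lets `service` act for `user`, limited to `scopes` for `ttl_seconds`."""
    now = time.time() if now is None else now
    claims = {
        "sub": user,                  # the user who delegated authority
        "act": service,               # the service allowed to act on the user's behalf
        "scope": sorted(scopes),      # explicit permissions, not "do what you need to do"
        "iat": int(now),
        "exp": int(now) + ttl_seconds,  # short lifetime bounds the damage of theft
    }
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_delegation(token: str, service: str, required_scope: str, now: float = None) -> dict:
    """Return the claims if the token is authentic, unexpired, bound to `service`,
    and covers `required_scope`. Raises PermissionError otherwise. Call this on
    every use of the token, not once when the session starts."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    if claims["act"] != service:
        raise PermissionError("token was not issued to this service")
    if required_scope not in claims["scope"]:
        raise PermissionError(f"scope {required_scope!r} was not delegated")
    return claims


def audit_record(claims: dict, action: str, scope_used: str) -> dict:
    """Build an audit entry that names the acting service AND the delegating
    user, so the log does not show only the service."""
    return {
        "actor": claims["act"],
        "on_behalf_of": claims["sub"],
        "action": action,
        "scope_used": scope_used,
        "token_issued_at": claims["iat"],
    }


if __name__ == "__main__":
    # Constructed walk-through: the user "alice" delegates read-only mail
    # access to "mail-agent" for five minutes.
    t0 = 1_700_000_000
    tok = mint_delegation("alice", "mail-agent", ["mail.read"], 300, now=t0)
    claims = verify_delegation(tok, "mail-agent", "mail.read", now=t0 + 10)
    print(audit_record(claims, "list_inbox", "mail.read"))
    for svc, scope, when in [("mail-agent", "mail.send", t0 + 10),   # scope not delegated
                             ("other-agent", "mail.read", t0 + 10),  # wrong service
                             ("mail-agent", "mail.read", t0 + 600)]:  # expired
        try:
            verify_delegation(tok, svc, scope, now=when)
        except PermissionError as exc:
            print("denied:", exc)
```

The verifier rejects a token that is expired, presented by a service other than the one it was issued to, used for a scope the user never granted, or altered in transit, which covers the first and third problems in the list above; the audit record covers the second by recording `on_behalf_of` next to `actor`.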