摘要 |
PROBLEM TO BE SOLVED: To provide methods and systems for controlling the scope of delegation of authentication credentials within a network environment. SOLUTION: A server is configurated to provide a trusted third-party with a ticket authenticating the server, information about a target service that a server seeks to access on behalf of the client, and a service ticket associated with the client. This server ticket may be provided by the client or may be a previously granted service ticket granted to the server for itself in the name of the client. The trusted third-party grants a new service to access the target service to the server, in the client's name, if such delegation is permitted according to delegation constraints associated with the client. |