Chapter 16. Delegation

In this section we are going to see two practical examples of credential delegation. Before seeing these examples, this might be a good time to reread the page on credential delegation.

The first example is a very simple one, based on the very first secure example we saw (in directory $TUTORIAL_DIR/org/globus/progtutorial/services/security/first/). The modified files can be found in $TUTORIAL_DIR/org/globus/progtutorial/services/security/delegation_first/. This example will let us see the basic mechanism that activates delegation and, using the server-side logs, verify that delegation is working properly.

However, this first example doesn't show the full potential of delegation. This is why, after it, we will write a more complex example based on the illustration we saw when explaining credential delegation. The second example will include two services. The client will delegate its credentials to the first service, and that service will use those delegated credentials to invoke the second service. We will see that, when delegation is not activated, the example doesn't work (because the second service expects the client's credentials, not the first service's credentials). Then, once we activate delegation, we will see how everything works perfectly.