Authentication by delegation: what does it mean?

What does "authentic开发者_如何学编程ation by delegation" mean?

It means that you delegate the responsibility of authentication to a trusted third party. In practice, when using google as an OpenId provider that people will use to log in to your web site you are doing delegated authentication.

It means that you are trusting the word of someone else when they assert the identity of an entity. It is generally established to be safe to do this by a cryptographic relationship, e.g., the assertion is signed with a private key that you know only they (should) have, and you can use their public key to verify it.

I think it depends upon context.

The phrase makes me think of impersonation in Windows operating systems. Here delegation allows the server implementing an RPC service to assume the identity of the caller - subject to some infrastructure constraints. When an RPC call impersonates the caller, it is trivial to establish the identity of the caller, since it is inherent to the current execution context, and can be acquired (at a low level) from the current thread token. I'd argue that "authentication by delegation" probably refers to this pattern of authentication subject to the typical facilities offered by Windows systems (be that using [D]COM or WCF or native Win32 calls.)

http://technet.microsoft.com/en-us/library/cc961952.aspx