When an object decides to delegate a task to another object (effectively to the CodeExecutor of that object), it creates a delegation certificate. This certificate specifies the initiator, the role it is delegating, any constraints that are bound to the delegation, a nonce, a validity period and the name of its DelegationServer, which handles queries regarding delegation revocation. A role certificate is associated with the role being delegated, which might contain a set of privileges associated with it.
A delegation certificate is generated using the CodeExecutor as FromPrincipal and the CodeExecutor of the remoteAdmin object as the ToPrincipal. Implementations could be based on public key cryptography using X.509 certificates, as illustrated in Figure . The associated role (and hence, set of privileges) is specified in the certificate.
A delegation certificate is issued for every delegation session unless an earlier delegation has been set to remain valid for consecutive sessions. The type of the delegation certificate (SimpleDelegationCert or CascadedDelegationCert) reflects the kind of delegation that is activated for this session. If the delegation is revocable, the end-point makes sure that the delegation certificate is not revoked before it provides access.
Figure: Main Delegation Protocol in SDM
Selection of consecutive delegates is made by an intermediate. The selected principal (the CodeExecutor of the object selected for further delegation) is verified to be a permitted delegate by invoking the isPermittedDelegate(Principal) method on the certificate (DelegationCertificates must implement the Delegation interface shown in Figure ). This method scans through the list of exempted delegates (if any) and returns a boolean value indicating whether or not the principal is a valid delegate.
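The end-point checks and the isPermittedDelegate(Principal) scan described above can be sketched as follows. This is an added example, not code from SDM: only the method name isPermittedDelegate and the type name SimpleDelegationCert come from the text, while the record fields, the helper endPointAccepts, the use of the nonce as the revocation key and all sample values are assumptions, and signature verification is omitted.

```java
import java.security.Principal;
import java.time.Instant;
import java.util.Set;

// Only isPermittedDelegate(Principal) is named on the page; the rest is assumed.
interface Delegation {
    boolean isPermittedDelegate(Principal p);
}

// Hypothetical certificate with the fields listed above (signature omitted).
record SimpleDelegationCert(Principal from, Principal to, String role,
        String nonce, Instant notBefore, Instant notAfter,
        String delegationServer, boolean revocable,
        Set<String> exemptedDelegates) implements Delegation {
    // Assumption: a principal on the exempted list is not a valid delegate.
    public boolean isPermittedDelegate(Principal p) {
        return p != null && !exemptedDelegates.contains(p.getName());
    }
}

public class DelegationCheck {
    // Constructed stand-in for a revocation query to the DelegationServer.
    static final Set<String> REVOKED_NONCES = Set.of("nonce-0002");

    // End-point: presenter must be the ToPrincipal, inside the validity
    // period, and (if revocable) not revoked.
    static boolean endPointAccepts(SimpleDelegationCert c, Principal caller, Instant now) {
        if (!c.to().getName().equals(caller.getName())) return false;
        if (now.isBefore(c.notBefore()) || now.isAfter(c.notAfter())) return false;
        return !(c.revocable() && REVOKED_NONCES.contains(c.nonce()));
    }

    public static void main(String[] args) {
        Principal admin = () -> "CodeExecutor:remoteAdmin";
        Principal backup = () -> "CodeExecutor:backup";
        Instant now = Instant.now();
        SimpleDelegationCert cert = new SimpleDelegationCert(
            () -> "CodeExecutor:initiator", admin, "admin-role", "nonce-0001",
            now.minusSeconds(60), now.plusSeconds(3600), "ds.example",
            true, Set.of("CodeExecutor:backup"));
        System.out.println("valid session: " + endPointAccepts(cert, admin, now));
        System.out.println("after expiry: " + endPointAccepts(cert, admin, now.plusSeconds(7200)));
        System.out.println("wrong presenter: " + endPointAccepts(cert, backup, now));
        // Intermediate selecting the next delegate for a cascaded delegation.
        System.out.println("backup permitted: " + cert.isPermittedDelegate(backup));
    }
}
```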