The Case For Secure Delegation

Internet users often want to authorize untrusted machines to perform some operation on their behalf without giving them their credentials. Neither the Secure Shell protocol (SSH) nor the Transport Layer Security protocol (TLS) allows a user to do this securely.

With Guardian Agent, the user has explicit control over the who, what, and to whom of the delegated authority. The system works with existing OpenSSH servers. Without support from the underlying protocols, these workarounds prove themselves to be insecure.

Workarounds that enable delegation of secure websites to CDNs are also vulnerable. Delegation is common in both the SSH and TLS settings. We are unaware of “secure delegation” mechanisms for either.

Auto50

https://www.researchgate.net/publication/320933749_The_Case_For_Secure_Delegation