Delegation authorization
Delegation authorization is a mechanism in access control that allows one entity (the delegator) to grant another entity (the delegatee) permission to act on the delegator’s behalf within defined boundaries. It enables services or users to perform tasks or access resources without sharing credentials, while maintaining accountability through traceable tokens, scopes, and time limits.
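The properties named above (no shared credentials, scopes, time limits, traceability) can be seen in a small sketch. This is an added example, not code from any framework this page mentions; the token format, the key, and the names `issue_grant` and `authorize` are hypothetical, and the HMAC-signed grant stands in for whatever token a real system would use.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER_KEY = b"constructed-demo-key"  # assumption: known only to the issuer

def _sign(body: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()

def issue_grant(delegator, delegatee, scopes, ttl_seconds, now=None):
    """Issue a signed grant: delegatee may act for delegator, within scopes, until expiry."""
    now = time.time() if now is None else now
    claims = {"id": secrets.token_hex(8), "delegator": delegator,
              "delegatee": delegatee, "scopes": sorted(scopes),
              "expires": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True).encode()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(_sign(body)).decode())

def authorize(token, caller, scope, now=None):
    """Return an audit record carrying the decision; bad tokens are denied, not raised."""
    now = time.time() if now is None else now
    record = {"caller": caller, "scope": scope, "allowed": False}
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return {**record, "reason": "malformed"}
    if not hmac.compare_digest(sig, _sign(body)):  # constant-time comparison
        return {**record, "reason": "bad_signature"}
    claims = json.loads(body)
    # Traceability: every decision names the grant and the delegator behind it.
    record.update(grant_id=claims["id"], on_behalf_of=claims["delegator"])
    if now >= claims["expires"]:
        return {**record, "reason": "expired"}
    if caller != claims["delegatee"]:  # grant is bound to one delegatee
        return {**record, "reason": "wrong_delegatee"}
    if scope not in claims["scopes"]:  # explicit scopes only, no implied rights
        return {**record, "reason": "out_of_scope"}
    return {**record, "allowed": True, "reason": "ok"}
```

The caller's identity is assumed to be authenticated separately; the grant only answers whether that caller may act for the delegator.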
In practice, delegation can take two forms. Impersonation, where the delegatee operates using the delegator’s identity,
Common frameworks and patterns for delegation include OAuth 2.0 and OpenID Connect for service-to-service and user-centric
Security and governance considerations are central. Practices include enforcing least privilege, using short-lived tokens, explicit scopes,
See also: OAuth 2.0, OpenID Connect, SAML, Kerberos, RBAC, ABAC.