- From: Bob Wyman <bob@wyman.us>
- Date: Sun, 7 Nov 2021 14:15:27 -0500
- To: sethi shivam <sethishivam27@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAA1s49XBF+x2hYFCm2kS3_t6PC3sJpWgUoE04=1A+JRNQfNQTQ@mail.gmail.com>
Sethi, You asked: "I want to give Access of a machine to my Colleague by sharing VC of (Privileged account) ." Delegating the rights associated with a VC is sometimes quite reasonable and may be supported, however, delegating the right to use an existing VC should not be supported. In commonly understood terms, it might sometimes be reasonable for me to delegate to you the right to act on my behalf, but it is never reasonable to delegate to you the right to "be" me. If you take an action, based on rights which were originally delegated to me, the fact that it was you, not me, who acted, should be discoverable, even if I approve of your actions. A common example of this is when someone uses a "Power of Attorney," to sign a contract. When they do, they typically sign documents with their own names and an annotation "on behalf of," "for," or "by power of attorney," they don't forge the signature of the one who granted the power of attorney. One should delegate rights, not credentials. bob wyman On Sat, Nov 6, 2021 at 7:48 PM sethi shivam <sethishivam27@gmail.com> wrote: > Hi Team , > > Is it possible that we can give our Vcs to someone for a particular period > of time . > > Like I am on vacation and I want to give Access of a machine to my > Colleague by sharing VC of (Privileged account) . > > and my second question is : > > Is there any good enterprise level use-case of managing Privileged > accounts using Vcs . > > I am just trying to explore PIM-PAM use cases with Vcs > PIM = Privileged Identity management > > Today we have many tools like Cyberark , beyondTrust > > > Best Regards > Sethi Shivam >
Received on Sunday, 7 November 2021 19:15:50 UTC