Re: Any Good use case of PAM (Privileged account Management) using Vcs from sethi shivam on 2021-11-07 (public-credentials@w3.org from November 2021)

From: sethi shivam <sethishivam27@gmail.com>
Date: Mon, 8 Nov 2021 01:03:41 +0530
To: Bob Wyman <bob@wyman.us>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAG7szRMhqULBX2_mHyByVJEGt-7piBQnRP8gy2sTwq=DwPbFMw@mail.gmail.com>

thanks Bob,

So as per my understanding  We can issue VC for a particular period of time
(using revoke ) .

and is there any  good enterprise level use-case of managing Privileged
accounts using Vcs  ?


Best Regards
Sethi Shivam


On Mon, 8 Nov 2021 at 00:45, Bob Wyman <bob@wyman.us> wrote:

> Sethi,
> You asked: "I want to give Access of a machine to my Colleague by sharing
> VC of (Privileged account) ."
>
> Delegating the rights associated with a VC is sometimes quite reasonable
> and may be supported, however, delegating the right to use an existing VC
> should not be supported. In commonly understood terms, it might sometimes
> be reasonable for me to delegate to you the right to act on my behalf, but
> it is never reasonable to delegate to you the right to "be" me. If you take
> an action, based on rights which were originally delegated to me, the fact
> that it was you, not me, who acted, should be discoverable, even if I
> approve of your actions. A common example of this is when someone uses a
> "Power of Attorney," to sign a contract. When they do, they typically sign
> documents with their own names and an annotation "on behalf of," "for," or
> "by power of attorney," they don't forge the signature of the one who
> granted the power of attorney.
>
> One should delegate rights, not credentials.
>
> bob wyman
>
>
> On Sat, Nov 6, 2021 at 7:48 PM sethi shivam <sethishivam27@gmail.com>
> wrote:
>
>> Hi Team ,
>>
>> Is it possible that we can give our Vcs to someone for a particular
>> period of time .
>>
>> Like I am on vacation and I want to give Access of a machine to my
>> Colleague by sharing VC of (Privileged account) .
>>
>> and my second question is :
>>
>> Is there any good enterprise level use-case of managing Privileged
>> accounts using Vcs .
>>
>> I am just trying to explore PIM-PAM use cases with Vcs
>> PIM = Privileged Identity management
>>
>> Today we have many tools like Cyberark , beyondTrust
>>
>>
>> Best Regards
>> Sethi Shivam
>>
>

Received on Sunday, 7 November 2021 19:35:30 UTC