IdPv3 deliberate change of principal and shared principals
Nate Klingenstein
nate.klingenstein at utah.edu
Tue Mar 22 13:41:30 EDT 2016
One more vote in favor of this use case. We have tools that allow help desk users to assume administrative privileges to perform password resets and other functions, but the role elevation is built directly into the tool.
I think it would be awesome to move that to the identity provider. It would allow other tools to avoid re-implementing the wheel, leverage the same ruleset, and perhaps most importantly, dramatically improve our ability to audit privilege elevation.
Big +1 to this proposal if the resources can be found, since it seems like it would be a lot of work. I don’t know how to prioritize it relative to the rest of the road map, but use cases abound.
More information about the users
mailing list