IdPv3 deliberate change of principal and shared principals

Nate Klingenstein nate.klingenstein at utah.edu
Tue Mar 22 13:41:30 EDT 2016


One more vote in favor of this use case.  We have tools that allow help desk users to assume administrative privileges to perform password resets and other functions, but the role elevation is built directly into the tool.

I think it would be awesome to move that to the identity provider.  It would allow other tools to avoid re-implementing the wheel, leverage the same ruleset, and perhaps most importantly, dramatically improve our ability to audit privilege elevation.

Big +1 to this proposal if the resources can be found, since it seems like it would be a lot of work.  I don’t know how to prioritize it relative to the rest of the road map, but use cases abound.


More information about the users mailing list