The necessity for delegation


Pierre Thierry

Feb 5, 2024, 9:24:40 AM
to cap-...@googlegroups.com
Hi all,

for years, I've wanted to document compelling use cases for delegation
so that people that design or operate applications understand the need
to provide not just authentication but delegation.

My partner just made me realize we are both actually living a very
compelling use case ourselves that many other people may also live… My
partner has a chronic illness and mental issues and both fatigue and
anxiety make it sometimes hard, sometimes impossible, to use most
applications.

This means that, as a caretaker, I need to know and use their every
login and password, for banking, taxes, healthcare appointments, etc…
As a developer, I was initially absolutely opposed to doing that but I
quickly realized that it was not a realistic option to stay
principled, because my partner needs those formalities done and they
lack autonomy.

Providing a delegation UI for most apps would serve two important
purposes in this use case:

- for the delegator

  - they can make explicit what actions were taken not by them directly,
    which is invaluable if the delegation is abused

  - they can retake control when circumstances make it
    either possible or necessary

  - the delegation can easily become visible and official, so they
    don't need to intervene in every interaction to confirm that they
    actually agree with someone else acting on their behalf

- for the caretaker

  - they can make explicit that they are acting on behalf of someone else
    and not hacking someone else's account

  - they can protect themselves by refusing access to the main account

For both their safety and UX, a delegation UI could provide additional
tools like the ability to comment on the context of delegated actions or
reconcile actions taken by the caretaker.

What do you think of that use case? Do you know other use cases that
could be compelling to lobby for a generalized deployment of
delegation in online applications?

I would like to publish something like a "Delegation Manifesto".

Curiously,
Pierre Thierry
--
pie...@nothos.net
OpenPGP 0xD9D50D8A

Matt Rice

Feb 5, 2024, 10:14:37 AM
to cap-...@googlegroups.com
Definitely compelling, I just want to note that this should also include
guidelines for third parties, or the service itself. For instance I've heard
grumbling about some services which *do* provide delegation, but for whatever
reason when dealing with the physical institution cannot manage to convey the
delegation.

Partially this is due to the one-email == one account norm, and access to
multiple accounts may I suspect be unapparent, perhaps hidden in a drop-down
for support staff. That tends to be ignored because one-to-one account/email
is the norm.

Anyhow my feeling is that allowing delegation within an existing system needs
to be done with some kind of holistic design. Which needs to be done carefully,
because it is breaking some assumptions that many systems have about unique
access to authorization.

Alan Karp

Feb 5, 2024, 1:52:35 PM
to cap-...@googlegroups.com
The need for delegation in healthcare is a well-known problem that a number of people are trying to address, some of them with capabilities.  There are several sessions on the topic at every IIW.  One of these efforts is designing a whole infrastructure around GNAP, the follow-on to OAuth 2.

A big problem with delegation by credential sharing is the loss of responsibility tracking.  It's a problem for patients, but it's even more of an issue for providers.  It's common for the MD's credentials to be shared with all the nurses and administrative staff in a typical doctor's office.  The result is that they have to lie when filling out HIPAA compliance forms.  Everybody knows they do it, but there's no effective alternative given the access control mechanisms in place.

In 2007, I was reviewing the State of New York plan for electronic health records and pointed out the lack of delegation.  They recognized the importance of the omission and adopted ZBAC in their official documents.  (We couldn't use the word "capabilities" back then.)  Unfortunately, the committee lost its funding in the 2008 financial crisis, so the plan was never implemented.

--------------
Alan Karp
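
Added example (not part of any message in this thread): a minimal Python model contrasting delegation by credential sharing, where responsibility tracking is lost, with an explicit, scoped and revocable grant of the kind the first post asks for. The `Service` and `Grant` classes, the account names and the action names are all hypothetical, constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Grant:
    delegator: str        # account owner who issued the grant
    delegate: str         # person allowed to act on their behalf
    actions: frozenset    # the only actions the delegate may perform
    revoked: bool = False

@dataclass
class Service:
    grants: dict = field(default_factory=dict)  # opaque token -> Grant
    audit: list = field(default_factory=list)   # (account, actor, action, note)

    def act_with_password(self, account, action):
        # Shared credentials: the service sees only the account, so a
        # caretaker typing the owner's password is logged as the owner.
        self.audit.append((account, account, action, ""))

    def delegate(self, delegator, delegate, actions):
        token = secrets.token_urlsafe(16)  # handed to the delegate, not the password
        self.grants[token] = Grant(delegator, delegate, frozenset(actions))
        return token

    def revoke(self, delegator, token):
        grant = self.grants.get(token)
        if grant is None or grant.delegator != delegator:
            raise PermissionError("only the delegator can revoke this grant")
        grant.revoked = True

    def act_as_delegate(self, token, action, note=""):
        grant = self.grants.get(token)
        if grant is None or grant.revoked:
            raise PermissionError("no active delegation for this token")
        if action not in grant.actions:
            raise PermissionError(f"{action!r} is outside the delegated scope")
        self.audit.append((grant.delegator, grant.delegate, action, note))

    def done_by_others(self, account):
        # What the delegator reviews: actions on their account by someone else.
        return [e for e in self.audit if e[0] == account and e[1] != account]

if __name__ == "__main__":
    svc = Service()
    svc.act_with_password("patient", "book_appointment")  # really the caretaker
    tok = svc.delegate("patient", "caretaker", {"book_appointment"})
    svc.act_as_delegate(tok, "book_appointment", note="follow-up visit")
    print(svc.done_by_others("patient"))
```

The password path leaves an audit entry indistinguishable from the owner's own actions, while the grant path records both the account and the actor, rejects out-of-scope actions, and stops working once the delegator revokes it.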


Pierre Thierry

Feb 15, 2024, 12:03:38 AM
to cap-talk
On Monday, February 5, 2024 at 19:52:35 UTC+1, alan...@gmail.com wrote:
> In 2007, I was reviewing the State of New York plan for electronic health records and pointed out the lack of delegation.  They recognized the importance of the omission and adopted ZBAC in their official documents.  (We couldn't use the word "capabilities" back then.)  Unfortunately, the committee lost its funding in the 2008 financial crisis, so the plan was never implemented.

Is that plan available publicly? (or privately, for that matter…)

Curiously,
Pierre Thierry

Alan Karp

Feb 15, 2024, 1:03:20 AM
to cap-...@googlegroups.com
The only thing I ever saw was a public document stating that ZBAC was the mechanism they would use for delegation. 

--------------
Alan Karp

