Impersonation Delegation

From Guidance Share

Context

Your application needs to access a downstream resource, typically a database, and you need to decide where to authorize the original caller who initiates the operation, and which account to use when accessing the downstream resource.


Problem

  • Where to perform authorization, and which account(s) to use to access the downstream resource.


Forces

  • You want to use OS auditing to track an individual's operations in the database.
  • You want granular, per-user authorization in the database.
  • You don't want to trust the front-end application to perform user authorization.
  • Your application will scale enough to meet your requirements even without connection pooling (connections opened under the caller's identity cannot be shared between different users).


Solution

  • Use an authentication mechanism that allows you to obtain delegatable credentials.
  • Impersonate the original caller's identity and make downstream calls using that identity.
  • Configure per-user ACLs at the back-end (e.g. within the database).
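As an added illustration (not part of the original Guidance Share page), the following ASP.NET Core handler applies the three solution steps: it verifies that the Windows-authenticated caller's token is delegatable, impersonates that caller for the downstream SQL call so the database sees the original user, and leaves the actual authorization to the database's per-user ACLs. It assumes Windows (Kerberos) authentication is configured with delegation enabled, and the server name `sql01.corp.example` and stored procedure `dbo.GetOrders` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Security.Principal;
using Microsoft.AspNetCore.Http;
using Microsoft.Data.SqlClient;

public static class OrdersHandler
{
    // Integrated security: whoever the thread is impersonating authenticates to SQL Server,
    // not the application pool account. Server/database names are hypothetical.
    private const string ConnString =
        "Server=sql01.corp.example;Database=Orders;Integrated Security=SSPI;Encrypt=True";

    public static IResult GetOrders(HttpContext ctx)
    {
        if (ctx.User.Identity is not WindowsIdentity caller || !caller.IsAuthenticated)
            return Results.Unauthorized();

        // Step 1 check: the token must be delegation-capable. With an Identification or
        // Impersonation level token the second hop (web server -> SQL Server) cannot
        // present the caller's credentials and the connection fails, so fail early and loudly.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            return Results.Problem(
                "Caller token is not delegatable; check Kerberos delegation configuration.");

        // Step 2: run the downstream call under the caller's identity. No per-user
        // authorization is done here; the front end is not trusted for that decision.
        List<string> rows = WindowsIdentity.RunImpersonated(caller.AccessToken, () =>
        {
            using var conn = new SqlConnection(ConnString);
            conn.Open(); // Authenticates as the impersonated caller (audited as that user).

            // Step 3 happens in the database: the procedure is only executable if the
            // caller's database user was granted EXECUTE on it.
            using var cmd = new SqlCommand("dbo.GetOrders", conn)
            {
                CommandType = CommandType.StoredProcedure
            };
            using SqlDataReader reader = cmd.ExecuteReader();
            var result = new List<string>();
            while (reader.Read())
                result.Add(reader.GetString(0));
            return result;
        });

        return Results.Ok(rows);
    }
}
```

On the database side the matching per-user ACL is a grant to the caller's own database user (for example `GRANT EXECUTE ON dbo.GetOrders TO [CORP\alice]`, with the domain and user as placeholders), so a user without that grant gets a permission error rather than data.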