----
h1. Overview
----

{image-with-caption-link-to-larger:tablealign=right|pagename=imagegallery:400px-CDS1.2.jpg|attachmentname=400px-CDS1.2.jpg|caption=Credential Delegation Service (CDS)|largepagename=imagegallery:CDS1.2.jpg|largeattachmentname=CDS1.2.jpg}
The Credential Delegation Service (CDS) is a WSRF-compliant Grid service that enables users/services (delegator) to delegate their Grid credentials to other users/services (delegatee) such that the delegatee(s) may act on the delegator's behalf. Consider a usecase where a user Bob wishes to invoke a simple workflow where three services interact with one another sequentially. Upon completion _Workflow Step 1_ calls _Workflow Step 2_, which in turn calls _Workflow Step 3_. Now consider the following access control policies for these services:
# Bob has been granted access to each of these service resources
# Each of the services *does not* have access to the other services resources.

Since the services do not have access to one another's resources, the services must connect to one another as Bob in order to successfully execute this workflow. In order to interact with one another as Bob each of the first two service in the workflow: _Workflow Step 1_ and _Workflow Step 2{_}must have Bob's Grid credentials such that they may authenticate as Bob. The CDS provides a secure mechanism for Bob to provide his credentials to the workflow service such that they may act on his behalf.