Consensual impersonation is delegation done very wrong

I’ve got a new post up on the Forrester blogs about “consensual impersonation”, which is what happens when you give your password to someone else so they can do something from your account. As Paul Madsen points out, it’s “another manifestation of the password anti-pattern”, and it’s a use case whose legitimacy — at least some of the time — we haven’t really thought about. Head over there to see if I manage to avoid mentioning UMA. (Hint…)