Token-based replacement for X.509 credential delegation

A credential delegation service enables service to service calls to be made with the originating user's credentials. With tokens, the scope of the token within the SRCNet ecosystem allows the SKA tokens to be used. The challenge is when making calls outside the ecosystem. In uses cases and in the architecture diagram, this is making use of external services where a user working inside SRCNet accesses authorized external resources programatically. The external resources may be 1) resources within the SRC node where the SRC node supports multiple facilities and a user has access to non-SRC data or services or 2) a completely external resource. Identifying a solution that could then be prototyped and deployed in the mini-SRCNet Demonstrator would help understand the need and identify any missing functionality to support that.
It should be possible to do this via setting up IAM clients on the SRC IAM service and configure them for token exchange.

• Discussion/knowledge share around how we can configure things to use the token exchange functionality with the SRC IAM service to perform credential delegation
• Documentation of how credential delegation can be done via token exchange in SRC IAM for future such use cases