ENTITY TO AUTHORIZE DELEGATION OF PERMISSIONS

1. A computer implemented method for asynchronous permission delegation, said method comprising:

• under the control of one or more computer systems configured with executable instructions,defining a delegation profile associated with an account, the delegation profile including (a) a validation policy that specifies one or more security principals that are permitted to operate in a security context of the delegation profile under a set of conditions, and (b) an authorization policy specifying permitted actions for the one or more security principals operating in the security context of the delegation profile;
  
  granting permission to at least one user of the account to use the delegation profile;
  
  receiving a request for a set of credentials from at least one service, the request indicating the delegation profile;
  
  providing the set of credentials to the service if the service is verified to be one of the one or more security principals identified in the validation policy of the delegation profile, the credentials enabling requests to be made in the account within the security context of the delegation profile and subject to the authorization policy of the delegation profile.receiving, from an entity, a request for access to a resource in the account, the request indicating the delegation profile;
  
  providing access to the entity if the entity is verified to be one of the one or more security principals identified in the delegation profile, the access enabling the entity to act on the resources in the account as the one or more security principals identified by the delegation profile subject to the permissions specified in the delegation profile.