5.4.1 Delegation of authentication

Delegation refers to the facility for a service to impersonate an authenticated client in order to relieve the user of the additional burden of authenticating to multiple services. To the latter services it will look as if they are communicating directly with the user, whereas in reality another service will sit between them and the user.

A classical example of where delegation is a very useful feature is when a user asks a print server to print a file that is located on another server. In today s Internet world there are many more examples. Basically, any Webbased multitier application can take advantage of delegation. Examples are Web sites launching user queries against a database located on some back- end server, or a user accessing his or her mailbox from a Web interface [a good example is Microsoft s Outlook Web Access (OWA)]. In the future, when Web services become widespread, the need for authentication delegation support will only become bigger. Web services are rooted on highly distributed architectures that can make data and other resources available to a wide range of users. Web services are typically accessed using open Inter- net protocols (such as HTTP and SMTP). In such environments it would...