Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.
My metaphor would be a bank. I go to the counter and prove who I am so I can get info about my savings. The bank teller then goes and asks one of her colleagues for information she needs to perform that request. She does not claim to be me or impersonate me, merely that I have authorized her to get some information about me.
We had a similar problem with Microsoft SQL Server 2000 Reporting Services, which you have to access as a web service (via SOAP) rather than as a class library. We went to enormous lengths to try to make it so that RS was running with the same user identity as the person visiting the web page the report was being served from; my solution using a cryptographically secured ticket to tell RS on whose behalf the report was being generated was rejected because it was not proper impersonation. Gah!
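A sketch of the ticket idea described above, as an added example (not code from the original post or from Reporting Services): the web app signs a statement naming itself as the actor and the visiting user as the party it acts for, and the report service verifies it instead of requiring impersonation. The HMAC construction, the field names, the shared key and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; assumed to be a secret shared by web app and report service.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")

def issue_ticket(actor, on_behalf_of, report, ttl=60, now=None, key=SHARED_KEY):
    """Web app side: state who is calling (actor) and for whom (on_behalf_of)."""
    now = int(time.time()) if now is None else now
    claims = {"actor": actor, "on_behalf_of": on_behalf_of,
              "report": report, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_ticket(ticket, report, trusted_actors, now=None, key=SHARED_KEY):
    """Report service side: return the verified claims, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong number of parts or invalid base64
        raise ValueError("malformed ticket") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(body)
    # The actor never claims to be the user; it must be a caller allowed to delegate.
    if claims["actor"] not in trusted_actors:
        raise ValueError("actor not allowed to delegate")
    if claims["report"] != report:  # ticket is bound to a single report
        raise ValueError("ticket is for a different report")
    if now >= claims["exp"]:  # short lifetime limits replay
        raise ValueError("ticket expired")
    return claims
```

The report service keeps both identities from the verified claims, so its audit log can record that the web front end fetched the report for the user rather than showing the user as the caller.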