In distributed systems such as service-oriented architectures (SOAs), a service such as a Web service gives a user (e.g. an end user or another service) access to data, and that access needs to be restricted. Access control is commonly achieved by enforcing a policy through an authorization service. To decide whether the user is authorized to access the data, the authorization service needs to authenticate the user. For this purpose, authentication mechanisms are used.
In a ubiquitous computing environment characterized by, e.g., wireless connectivity and the widespread diffusion of various mobile and/or portable devices, which frequently have different capabilities for authentication, consistent and reliable authentication becomes even more challenging.