The Web programming model makes it possible to build and deploy Web applications incrementally and in a decentralized manner. The Web programming model is considered “loosely coupled” and provides Web applications having a high degree of interoperability, scalability, and manageability. Generally, Web applications operate with at least a passive client that understands both HTTP and HTML, such as a Web browser. Examples of Web applications include e-commerce web sites such as www.microsoft.com and www.amazon.com.
In contrast, Web services adapt the loosely coupled Web programming model for use in services that do not require a visual UI (“user interface”) (e.g., do not require a browser). Web services typically incorporate some combination of programming, data and (possibly) human resources to provide services made available from an organization's Web server to other Web-connected programs. Exemplary Web services may include major services, such as storage management and customer relationship management (CRM), down to much more limited services, such as online stock quotations and online bidding for an auction item.
Some features of a Web application are openly available to any user visiting a Web site. For example, the Amazon web site provides a catalog-type feature without strict authentication and authorization mechanisms. However, other features of a Web application may require that a user be authenticated before receiving access. For example, the Amazon web site requires authentication before a user is able to check the status of an order or to change payment information. Likewise, accessing a user's online email account provided by a Web email application requires logon information to authenticate the user.
Many users typically employ Web applications through many different sites. In many circumstances, each individual Web application requires the user to individually authenticate before access to a secure Web application feature is granted. For most Web applications, such authentication is performed via a custom authentication protocol based on posting a user's name and password for each Web application accessed.
In other circumstances, multiple Web applications provided by an individual organization (e.g., multiple Web sites provided by Amazon) may share authentication information, policies, and protocols to provide a Single Sign-On (SSO) or Single Sign-In (SSI) facility throughout that organization. As such, a user need only login once in a single session to one Web application of a given organization, and the user can be automatically or transparently authenticated for access to any other Web application provided by that organization.
However, when a user wishes to employ Web applications from multiple, independent organizations, individual logins are typically still required for each organization, a limitation which detracts from the desired convenience and seamless access potentially expected of Web applications. This is particularly true when the user is accessing a Web application in another organization through a passive client device, such as a client computer running a browser.