Several standards, such as SAML (http://saml.xml.org/) and OpenID (http://openid.net/), provide means for web sites to delegate authentication of their users to external authentication authorities. As part of the authentication process, the protocol flow requires the user to interact both with the system of the requested service and with the authenticating authority system where the two systems belong to different security domains. There are challenges to balance the interaction with the two systems. On the one hand, authentication must be performed in a secure manner, which requires that the integrity and origin of any data transmitted between the two systems should be able to be verified and that the identity of the authenticating authority system should be able to be verified by the user so that the user can have confidence in presenting their credentials. On the other hand, the user experience of the workflow with the requested service should present a smooth integration of the authentication flow, which may include related self-services such as self-registration and password recovery, into the workflow of the service. For example, the inability of the authentication process to convey the context of the different services together with their various concepts of user experience may turn potential users away from these services.