Applications have required direct user authentication and authorization to protect data since the first data processing applications were written for the mainframe. As the benefits of networking and distributed computing have materialized, the user has been pushed further and further away from the actual data, in a progression from 2-tier to 3-tier to N-tier computing. With this uptake in distributed computing, applications have lost the ability to directly authenticate and authorize the user. These applications have been forced to rely on alternate mechanisms to establish the identity of the user in a trustworthy manner. Examples of these alternatives have included relying on physical controls in the data center, or implementing a trust model that leverages point-to-point, system-level authentication.
The latest incarnation of a distributed computing framework is the Services Oriented Architecture (SOA), which is most often implemented with Web Services. Some of the major principles driving the adoption of a Web Service-based SOA are the ability to use open standards such as XML and SOAP, and a focus on reuse and loose coupling. Fundamentally, when a Web Service Client and a Web Service Provider communicate with one another, they should not know or be dependent upon the underlying details of each other's implementation.