Imagine an application where you can log in with you facebook
account, and then jump to another website that belongs to another
company without providing your credentials again, but still be
properly identified, with all your operations traced, logged, and
visible via a web UI designed for non-technical auditors.
Some large ISV request the possibility to let customers re-use their
own Windows accounts when using a SaaS application, although the
customer Active Directory is obviously not located on the...