Target-based authorization Perform a resource-based authorization by deciding whether a user should be allowed to contact a certain Web application. Single sign-on If user authentication and authorization was successful, forward the user's request and user's credentials to a certain Web application server for further processing. Use of a separate component for authentication It might be necessary to allow a separate and already existing authentication application and repository to perform the initial user authentication. These additional authentication methods should be usable without having to rewrite any of the applications. 4.2.1 Authentication and single sign-on mechanisms Authentication describes the process of exchanging credentials to identify the communication partners. Authentication can be directional or mutual. Single sign-on is the process of forwarding information about a user's identity in a secure way to another system. WebSEAL can enforce certain types of user authentication and can use several single sign-on mechanisms to forward user requests together with user information to a Web application server.