Recently I questioned Keith Brown on his description of Windows impersonation at http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsDelegation.ht ml. It deals with a 3-tier archirecture with a user ("Alice") making use of a browser, a web server ("Bob") and a database server ("Charlie"). Without impersonation, the web server would identify itself as "Bob" to the database server, and with impersonation as "Alice". I would also like to let "Bob" connect to "Charlie" as "Bob on behalf of Alice" and have an identity or user with privileges for the latter that differ from just "Alice". For instance if "Alice" were only allowed access to Charlie THROUGH "Bob". Of course I've let at least to other questions open: - exactly what privileges should "Bob on behalf of Alice" have, and - is "Bob" always allowed to act on behalf of "Alice", or only by request? I was wondering what the vision and status of implementation of comparable techniques is in Apache. Toine. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx