Responsibility for implementing authentication, authorization, auditing and personalization into applications has traditionally belonged to Web developers, even though they often lack security ...