luser/batch process requests access for <userid> using <credential> from a server
lserver validates credential (e.g. password or key challenge certificate) against userid and returns an <authentication_token> (e.g. a cookie or hash token) which is linked server side to the userid, typically in a session store
luser/batch process supplies the authentication token along with subsequent requests to the server
lon receiving a request the server
–validates the authentication token
–checks the linked userid has authorisation to perform the given request