Method and apparatus for communicating authorization data

  • US 7,444,518 B1
  • Filed: 09/29/2003
  • Issued: 10/28/2008
  • Est. Priority Date: 06/16/2003
  • Status: Expired due to Fees
First Claim

1. A method comprising:

  • communicating, by a first entity via a client computing device, a first entity's identity to an authentication server for verification;

    receiving a relationship ticket from the authentication server after the first entity's identity has been successfully verified, wherein the relationship ticket received from the authentication server is encrypted so that the relationship ticket cannot be decrypted by the client computing device which receives the relationship ticket, and wherein the relationship ticket includes the first entity's identity and identifies a second entity who's access to a web server is to be limited;

    generating, by the first entity via the client computing device, a request to establish a selected permission level for the second entity which will limit the second entity's access to the web server;

    sending, by the first entity via the client computing device, the request and the relationship ticket to the web server to;

    decrypt the relationship ticket;

    perform an integrity check of the relationship ticket using a message authentication code contained within the relationship ticket;

    authenticate the first entity's identity, wherein the web server authenticates the first entity's identity with the authentication server using contents of the relationship ticket; and

    establish the selected permission level for the second entity; and

    receiving, by the first entity via the client computing device, a success code from the web server if the selected permission level is established for the second entity; and

    wherein the method does not require use of secure communications protocols including SSL (Security Socket Layer) and the client computing device, the web server and the authentication server communicate using an unsecure or untrusted communication link.
