High value business information is often being maintained within multiple data processing systems in distributed system architectures. Security for each system demands effective access controls whilst administrators are faced with significant overheads for handling multiple accounts for each user. XSSO-PAM provides a standard interface between applications and sign-on systems so that whatever the underlying technology of the application's authentication technology, they will plug-and-play with a 'coordinating primary' single sign-on system. This enables applications and their host systems to continue to maintain their own account databases, but it also enables those applications to move towards use of the more strategic distributed security services, enabling migration from multiple uncoordinated security systems to a coherent security architecture for all applications. PAM also simplifies some aspects of security management. The XSSO-PAM Specification therefore supports a practical approach which enables sign-on (SSO) for applications in a distributed environment.