In those situations where the credential authentication service 301 generates a master credential on behalf of a requestor 310, this can be achieved by acquiring from the requestor 310 a requestor identification and additional information, such as a password, digital certificate, or digital signature.