What protocol is specifically built for user authentication and authorization across distributed systems?

The best answer is Security Assertion Markup Language (SAML) because it is specifically designed for user authentication and authorization in single sign-on (SSO) scenarios across distributed systems. SAML facilitates the exchange of authentication and authorization data between an identity provider and a service provider, allowing users to authenticate once and gain access to multiple applications or services without needing to re-enter their credentials. This is particularly useful in environments where various applications are hosted on different servers or domains, as it streamlines secure access while maintaining user identity.

The other protocols, while related to user authentication and authorization, have different focuses or applications. Open Authorization (OAuth), for example, is primarily an authorization framework that allows third-party applications to access user data without sharing passwords, but it does not handle user authentication as SAML does. Lightweight EAP (LEAP) is a framework used for validating users and devices in wireless networks but isn't designed explicitly for distributed system user authentication across different services. Shibboleth is an open-source project that also leverages SAML for federated identity management, but it serves as a specific implementation rather than being a protocol defined for user authentication and authorization itself.