1. (OSGI) use session id -> store session id in shared cache area and compare against servlet parameter
2. Use OAUTH
3. Expand (1.) set session value via REST , include user/pass. Client will send session on each call to proxy
4. Encrypt URL parameter based on other parameters such as , useraddress, userpassword etc