For many WCAP commands, you must specify the session identifier (id) that is returned by the login command. The session identifier ensures that data is accessible only to authenticated users with the required level of privilege or ownership.
When logging into the system, a user provides authentication of identity. The default authentication mechanism uses plain-text passwords and user names. Calendar Server generates the session identifier only when authentication is successful. The identifier then serves as proof of authentication in subsequent calendaring operations.
You can customize the authentication mechanism to use a local or external authentication scheme, see API: csIAccessControl.
For more information about how to configure authentication, see chapter 10 in the Calendar Server Administration Guide: Sun Java System Calendar Server 6 2005Q4 Administration Guide.