When the Worker launches a remote job as dispatched by the Supervisor, it can potentially create several processes, all controlled by the Worker. Since Qube is designed to emulate a user executing jobs on a remote host, the Worker will have to run these processes as a user.
Under Unix-based operating systems, all that is required is the setting of a "setuid" bit that enables a privileged process to then run as any user.
On Windows, this is handled quite differently. Under Windows, any process attempting to impersonate another user will have to produce certain security information, including the user's encrypted password. So the Worker can produce this information every time it creates a new process, the information is stored in the Supervisor and handed to the Worker when requested by the System. The Worker creates an authentication token when it creates a new process, and the System then permits the process access to the user's environment and files.