There are two applications, A and B and they belong to two different organizations.

A is an Oracle 8i web application.
It is our legacy system. Modifications to it are possible but only if unavoidable :-) Its users/roles/passwords are stored in (you can guess it) Oracle DB 8i.

B is a JSP/Servlet based web application (Tomcat 4.x) of a business partner. Modifications to it are unlikely and any deployment on their environment can only be achieved with much of arm-twisting :-)

Application A needs to contain links to certain pages of Application B. Assuming application B allows to address the JSPs directly in the URL for a user having valid session, what are my options for single sign-on? Users will have different passwords on each systems (usernames may be same or different... to be decided).