Using federated authentication providers does not share the credentials with the consuming services. You also touched on another benefit of such models, centralized control of that authorization. For example, in your sMule scenario, you can control to disconnect and de-authorize access from your central identity provider you chose to use vs having to go to each site and service and remove your account. A good overview of why federated identities have benefits: https://auth0.com/blog/why-identity-federation-matters/