Good evening,
If I understand your question, I beleive your asking under what criteria would you use the credential vault.
The Credential Vault is a service that stores credentials that allow portlets to log in to applications outside the realm on behalf of the user. It manages multiple identities for portlets and users.

Using Credential Vault, a portlet can retrieve a user's authentication identity and then pass the information to a backend application.

Implementation.....
Active Credentials allow you to establish connections through Basic Authentication, Lightweight Third Party Authentication (LTPA) token authentication or simple form-based user ID and password challenges. The Service encapsulates the single sign-on functionality for the portlet writer in an object.
Passive Credentials
Passive Credentials retrieve stored secret data such as user ID and password or certificates. This option is more flexible but requires portlet writers to manage their own connections and authentication to backend applications with the credentials (User ID and password) they retrieved from the Credential Vault.


Aside of the infocenter, I think you will find this link very helpful as well.

http://www.softwareorbit.com/documen...bsphere-portal