Record last login data for individual credentials
It's useful for users to see last login information for each secondary credential separately (e.g. ASPs, hardware tokens, etc). This requires introducing some sort of credential identity descriptor structure, and pass that to user-meta-server for logging.