...
ServiceTickets add to Ticket an additional property: the Target to which the ServiceTicket is intended to authenticate.
What is authenticated by a ServiceTicket? When a ServiceTicket is validated, the validation response is a representation of the chain of Principals from associated with the GrantingTicket that granted the ServiceTicket, and the GrantingTicket (if any) that granted that GrantingTicket, and the GrantingTicket (if any) that granted that GrantingTicket, and so forth up the chain until we reach a GrantingTicket that was the first in the chain.
It's turtles all the way down.