If you read Item 50, you learned that the COM authentication level is a setting that a client and server use to negotiate the protection of calls between them. The impersonation level is quite different, as it's designed purely as a protection for the client. You see, a secure server requires its clients to authenticate. And during authentication, if the server is trusted for delegation (Item 62), the underlying security plumbing normally sends the client's network credentials to the server via a Kerberos ticket (Item 59). The impersonation level is the client's control over whether this happens.

There are actually four levels, but only the last two of them are really meaningful in network scenarios: ...