Hi,

There is a different between using substitutes and forwarding authorization.

Forwarding the authorization is done on one off situations/emergencies, where the authorizer who is forwarding the authorization, trust the authorizer the role is forwarded to, to act on behalf of him, for a one off situation.

When implementing the authorization forwarded function, RnD has decided they will not allow a substitute, that was assigned for the ‘forwarded-to’ authorizer is to authorize the object, that was passed on to the ‘forwarded-to’ authorizer, based on trust. It was not expected that someone else (even though they are eligible, as a substitute, for a certain duration) will step in for the forwarded authorization. 

As forwarding is done in emergencies, it is unlikely that someone will forward the authorization to another person who is on planned leave for the period (aka, has a substitute). It would be more likely that A will straight away forward the authorization to C, bypassing B, as he is already away/planned to be away. 

We can argue the substitute is a legitimate authorizer to act on forwarded-to authorizers objects, but this was a decision taken at the design stage.

You can read about this also in solutions 248279, 290062.. 

If you can get your hands on the original spec, you might be able to read more.

Hope this helps,

Asanka