A security identity is the security principal
under which a method is called or access to a resource is
requested. It is usually the principal of the component's
caller, but may also be a run-as security identity in circumstances
where no authorization has taken place or delegation of a security
identity has taken place. Security identities in an environment are
principals or groups of principals that are mapped to abstract security
roles that can be authorized to have access to a method or resource.
Thus, the question for determining whether authorization is granted is
whether the principal or security identity is in a role allowed access.