A security identity is the security principal under which a method is called or access to a resource is requested.
It is usually the principal of the component's caller, but may also be a run-as security identity in circumstances where no
authorization has taken place or delegation of a security identity has taken place. Security identities in an environment
are principals or groups of principals that are mapped to abstract security roles that can be authorized to have access
to a method or resource. Thus, the question for determining whether authorization is granted is whether the principal
or security identity is in a role allowed access.