A security identity is the security principal under which a method is called or access to a resource is requested. 
It is usually the principal of the component's caller, but may also be a run-as security identity in circumstances where no 
authorization has taken place or delegation of a security identity has taken place. Security identities in an environment 
are principals or groups of principals that are mapped to abstract security roles that can be authorized to have access 
to a method or resource.  Thus, the question for determining whether authorization is granted is whether the principal 
or security identity is in a role allowed access.