Details
Task
Resolution: Done
Major
Medium
Description
The ServerAuthenticationContext should capture the identity in force for its domain when it is constructed. Any authorization attempt should always apply to the current identity: either the captured identity, or whatever the last successfully authorized identity was in the context.
The attached state diagram should accurately summarize how authorization identity flows through. Authentication identity is only available during the "NAME ASSIGNED" state; once authorization occurs, the authentication identity is no longer useful and is disposed.
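A simplified model of the identity flow described above, added here as an illustration and not Elytron code. The class, method and state names other than NAME_ASSIGNED are assumptions, as are the run-as policy and the choice to let `authorize` be called in any state.

```java
import java.util.Set;
import java.util.function.BiPredicate;

// Simplified model, not Elytron code; all names except NAME_ASSIGNED are hypothetical.
public class AuthContextModel {
    enum State { INITIAL, NAME_ASSIGNED, AUTHORIZED }

    private final BiPredicate<String, String> runAsPolicy; // (current, requested) -> allowed
    private State state = State.INITIAL;
    private String currentIdentity;    // captured identity, then the last successful authorization
    private String authenticationName; // held only while in NAME_ASSIGNED

    AuthContextModel(String identityInForce, BiPredicate<String, String> runAsPolicy) {
        this.currentIdentity = identityInForce; // captured once, at construction
        this.runAsPolicy = runAsPolicy;
    }

    void setAuthenticationName(String name) {
        if (state != State.INITIAL) throw new IllegalStateException("cannot assign a name in " + state);
        authenticationName = name;
        state = State.NAME_ASSIGNED;
    }

    String getAuthenticationName() {
        if (state != State.NAME_ASSIGNED) throw new IllegalStateException("no authentication identity in " + state);
        return authenticationName;
    }

    boolean authorize(String requested) {
        // Always judged against the current identity; a denial changes nothing.
        if (!runAsPolicy.test(currentIdentity, requested)) return false;
        currentIdentity = requested;
        authenticationName = null; // authentication identity is disposed on authorization
        state = State.AUTHORIZED;
        return true;
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("anonymous>alice", "alice>batch"); // constructed policy
        AuthContextModel ctx = new AuthContextModel("anonymous", (cur, req) -> allowed.contains(cur + ">" + req));
        ctx.setAuthenticationName("alice");
        System.out.println("authentication name: " + ctx.getAuthenticationName());
        System.out.println("batch before alice: " + ctx.authorize("batch") + ", current=" + ctx.currentIdentity);
        System.out.println("alice: " + ctx.authorize("alice") + ", current=" + ctx.currentIdentity);
        System.out.println("batch after alice: " + ctx.authorize("batch") + ", current=" + ctx.currentIdentity);
        try { ctx.getAuthenticationName(); }
        catch (IllegalStateException e) { System.out.println("disposed: " + e.getMessage()); }
    }
}
```

The same request for `batch` is evaluated twice: first against the captured identity and then against the last successfully authorized one, which is the ordering property the description asks for.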