Domain to domain identity propagation ------------------------------------- Key: ELY-178 URL: https://issues.jboss.org/browse/ELY-178 Project: WildFly Elytron Issue Type: Feature Request Components: Realms Reporter: Darran Lofthouse Assignee: Farah Juma Fix For: 1.1.0.CR1 At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal. However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: - Connection -> Deployment Deployment -> Deployment In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate. Same for deployment to deployment calls, if there is a common realm the identity should propagate.