Currently, SwitchYard's SecurityContext is accessed via a ThreadLocal. This could become problematic for a variety of reasons. Thus, accessing the SecurityContext from a SwitchYard Exchange (or the Exchange's Context) is most likely desirable. Care must be taken with regard to the effect this could have on serialization, as well as privacy of credentials carried within the SecurityContext itself.