Incidentally, I just got a simple idea on how (in the implementation) one principal can execute operations with the rights of another. This may help with both sp/triggers and implementing the authorization proxy control. We simply need to track the authorization principal with the LdapPrincipal. The authorization principal is the one used by the AuthZ subsystem's access control decision function (ACDF). The authentication principal is then used as the identity while running with the permissions of the authorization principal. Based on controls and stored procedure ownership, the AuthZ principal can be changed at any time and reverted back to the AuthN principal by the server.
This would not be too hard to implement given the architecture of the server and of the AuthZ service.

Alex
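A sketch of the idea in the message above, added here as an example and not code from the post or from the server. `SessionPrincipal`, `Acdf`, `runAs` and the DNs are hypothetical stand-ins; the real `LdapPrincipal` and AuthZ service are not reproduced.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

// Added sketch: all class names and DNs are hypothetical, not the server's own.
public class RunAsSketch {
    static final class SessionPrincipal {
        private final String authnDn; // who authenticated; fixed for the session
        private String authzDn;       // whose rights the ACDF evaluates

        SessionPrincipal(String authnDn) {
            this.authnDn = authnDn;
            this.authzDn = authnDn;   // by default a principal acts with its own rights
        }
        String authnDn() { return authnDn; }
        String authzDn() { return authzDn; }

        // Called by the server only (proxy control, stored procedure ownership):
        // switch the AuthZ principal for one scope and always revert afterwards.
        <T> T runAs(String otherDn, Supplier<T> op) {
            String saved = authzDn;
            authzDn = otherDn;
            try { return op.get(); } finally { authzDn = saved; }
        }
    }

    // Toy ACDF backed by a constructed table of DN -> permitted operations.
    static final class Acdf {
        private final Map<String, Set<String>> grants;
        Acdf(Map<String, Set<String>> grants) { this.grants = grants; }

        boolean permits(SessionPrincipal p, String operation) {
            // The decision uses the AuthZ principal; the audit line keeps both identities.
            boolean ok = grants.getOrDefault(p.authzDn(), Set.of()).contains(operation);
            System.out.printf("audit authn=%s authz=%s op=%s allowed=%b%n",
                    p.authnDn(), p.authzDn(), operation, ok);
            return ok;
        }
    }

    public static void main(String[] args) {
        String user = "uid=jdoe,ou=users,dc=example,dc=com";        // constructed DN
        String owner = "uid=procowner,ou=system,dc=example,dc=com"; // constructed DN
        Acdf acdf = new Acdf(Map.of(user, Set.of("search"),
                                    owner, Set.of("search", "modify")));
        SessionPrincipal p = new SessionPrincipal(user);

        acdf.permits(p, "modify");                       // evaluated with jdoe's own rights
        p.runAs(owner, () -> acdf.permits(p, "modify")); // evaluated with the owner's rights
        acdf.permits(p, "modify");                       // AuthZ principal reverted to AuthN
    }
}
```

Keeping the AuthN DN immutable and logging it alongside the AuthZ DN preserves attribution for operations performed under borrowed rights.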
