3.2.3.4.2 Retrieving Client Identity
During the authorization process, a higher-level protocol on the server often needs to retrieve the identity of the client making a given request. A server implementation MUST try to retrieve the client identity by executing the following steps in this order:
If the auth_proto field of the client request is nonzero, the server MUST lookup the security context handle from the activity's Table of Security Contexts using the key_vers_num in the sec_trailer_cl of the request and MUST request that the security provider that created the security context retrieve the client identity. For details on how a security provider determines the client identity, see the documentation for the respective security provider.
If the auth_proto field of the client request is zero, the server MUST report this to the higher-level protocol in an implementation-specific way.