Currently the SpnegoAuthenticationMechanism caches against the connection scope and uses the cached GssContext to recreate the identity.

We should consider the following: -

1. Using the same cached identity mechanism as is used by FORM authentication.
2. Adding configuration to specify which scope to cache against.
3. Add an option to disable caching entirely, this would need to take into account cases where continuation is required as that would become unsupported.