This API was introduced to cover the case where authentication happens late in a request, generally that is quite a rare event.

Even though the API may be popular it would likely happen once for a session and all future requests for that session the identity would be known in advance.

At the moment by not running as the existing identity we are loosing all automatic identity outflow opportunities as calls pass from the servlet container to the EJB container.