We are currently using a RuntimePermission in SecurityIdentity to authorize the calling protection domain to do a run-as conversion. Since RuntimePermission is managed by the JDK, we should switch to another permission, such as ElytronPermission or an AbstractBooleanPermission subclass, to represent this permission.