Design an API which may be used to get the principals in force from any SSL or SASL session. On the server side, listeners should be executed with an authenticated Subject if possible; though it might be better to simply make the principal information available and let the application layer perform security duties.