The service name.
This may or may not be the same as Principal.getName(), depending on whether the principal represents the service
itself, or simply a request made by the service on behalf of another principal.
The server name.
default boolean authenticated()
Whether the service was authenticated.
Some service identity strategies simply pull the service name from a header, which can be trivially spoofed.
This can be used to distinguish whether the service identity has been established by an insecure means such as
that, or a secure means such as client certificates, signed tokens or shared secrets.
True if the service identity was established by some secure means.