If you need to add additional security context information into your invocation you can create a client side interceptor that adds this to your invocation object (for instance by adding additional principals into the invocation's propagation context).

On the server side implement a corresponding server side interceptor that retrieves this information from the invocation. Or modify your SecurityInterceptor to use the info).

Check the SRP implementation for an example of building handshake protocols between the client and server.

-- Juha