Single sign-on infrastructure to support strong authentication of the SSL client certificate on a web server – most prominently CA's Siteminder – provide the security context on the HTTP header. This security information usually contains the authenticated user identification and location information for the application to perform location aware access control. The security context can be provided in plain text or in form of an ASN.1 token.
In order to perform location aware access control and support strong authentication in ABL procedures running on the AppServer accessed through a web server ( REST, WSA a AIA ) this HTTP header information must be accessible in the ABL.
Ideally the session system handle would provide such an attribute like it does for the server-connection-context.
Without access to such information in the ABL logic on the AppServer location aware access control and support of strong authentication is hardly possible.