
Different users might have different privacy requirements for the Subject API.  Security by realm is a new feature in 2.2 which is implemented in the JDBC2 source adapter.  Callers can pass in which "realm" the search should take place in, and the source can adjust how the search takes place, what attributes look like, etc.

The use case is that a software application using the Subject API has two types of users: authenticated and admin.  If an authenticated user is using the application, then the Subject API should change in two respects:

1. Data should be displayed which is from the authenticated online directory, and

2. When free-form searches take place, it should only search data from the authenticated online directory.

Thus, people who for privacy reasons are not listed in the online directory might not have a name or affiliation searchable or displayed in the application.  If someone using the people picker wants to pick a person whose data is not shown in the authenticated online directory, that person will need to be picked by netId or subjectId.  However, admin users should be able to search anyone by name, and should be able to see the full institutional name and affiliation of any user.
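A minimal model of the realm behavior described above, as an added example; it is not Grouper code or the JDBC2 source adapter's API. The realm names `authenticated` and `admin`, the `in_directory` flag, the function names, and the sample people are assumptions constructed for illustration.

```python
from dataclasses import dataclass

REALMS = {"authenticated", "admin"}  # assumed realm names

@dataclass(frozen=True)
class Person:
    subject_id: str
    net_id: str
    name: str
    affiliation: str
    in_directory: bool  # listed in the authenticated online directory?

# Constructed sample data, not real directory entries.
PEOPLE = [
    Person("10021", "asmith", "Alice Smith", "Faculty", True),
    Person("10022", "bjones", "Bob Jones", "Student", False),  # unlisted for privacy
]

def _view(person, realm):
    """Attributes the given realm is allowed to display for one person."""
    visible = realm == "admin" or person.in_directory
    return {
        "subjectId": person.subject_id,
        "netId": person.net_id,
        "name": person.name if visible else None,
        "affiliation": person.affiliation if visible else None,
    }

def search(query, realm):
    """Free-form search scoped by realm; identifiers always resolve exactly."""
    if realm not in REALMS:
        raise ValueError(f"unknown realm: {realm!r}")  # fail closed
    q = query.strip().lower()
    if not q:
        return []
    hits = []
    for p in PEOPLE:
        id_match = q in (p.subject_id.lower(), p.net_id.lower())
        # Name and affiliation are searchable only if the realm may see them.
        searchable = realm == "admin" or p.in_directory
        text_match = searchable and (q in p.name.lower() or q in p.affiliation.lower())
        if id_match or text_match:
            hits.append(_view(p, realm))
    return hits
```

Rejecting an unknown realm outright, rather than falling back to the widest view, keeps a caller's typo from exposing unlisted names.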
