Identity management is the security aspect that deals with which security identity the client sends to the service and, in turn, what the service can do with the client's identity. Not only that, but when designing a service, you need to decide in advance which identity the service will execute under. The service can execute under its own identity; it can impersonate the client's identity (when applicable); or it can use a mixture of identities, alternating in a single operation between its own identity, the client's identity, or even a third identity altogether. Selecting the correct identity has drastic implications on the application's scalability and administration cost. In WCF, when enabled, the security identity flows down the call chain, and each service can find out who its caller is, regardless of the identity of the service.