3.3.5.2.6 Resource Access Control

The user's Authentication Context MUST be conveyed to the WS resource that the user originally tried to access. The location of the WS resource MUST be retrieved from the wctx parameter in the wsignin1.0 response message. How this Authentication Context is passed to the WS resource is implementation-specific and not addressed in this protocol. Commonly used techniques when the relying party components are located on separate servers include an HTTP cookie, a query string parameter, or a POST body.<77>