Depending on the sensitivity of the operation in question, you might have to choose between implicit trust, verifying the identity of the caller, or asking the caller to provide the credentials of the original principal.
Can we choose implicit trust for authentication but still verify authorization? No credential passing is needed, just the identity of the original caller. There is some risk of the perimeter being breached, followed by willy-nilly calls to downstream services. That could be devastating, depending on the identity that gets compromised. If customers only have access to their own data, it should be fine, but if there are admin accounts, those will be the targets.
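An added sketch (not from the original notes) of the model described above: the downstream service accepts the forwarded identity of the original caller without proof and only checks authorization, and `reachable_orders` shows how much data each identity exposes if it is asserted from inside the perimeter. The order data, the `ops-admin` account and all function names are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample data: order id -> owning customer.
ORDERS = {"o-1": "alice", "o-2": "bob", "o-3": "alice"}
# Hypothetical admin account; admins may read every order.
ADMINS = {"ops-admin"}


@dataclass(frozen=True)
class Request:
    # Identity of the original principal as forwarded by the upstream service.
    # It is asserted, not proven: no token or credential travels with it.
    principal: str
    order_id: str


def authorize(req: Request) -> bool:
    """Authorization on the forwarded identity; authentication is implicit."""
    if req.order_id not in ORDERS:
        return False
    if req.principal in ADMINS:
        return True
    # Customers are limited to their own data.
    return ORDERS[req.order_id] == req.principal


def reachable_orders(principal: str) -> set[str]:
    """Exposure if this identity is asserted by any caller inside the perimeter."""
    return {oid for oid in ORDERS if authorize(Request(principal, oid))}


if __name__ == "__main__":
    for who in ("alice", "bob", "ops-admin", "unknown-user"):
        print(f"{who:13} -> {sorted(reachable_orders(who))}")
```

The authorization check bounds a customer identity to that customer's orders, while the admin identity reaches every record, which is why admin accounts are the ones to protect with stronger verification.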

