The application assembler or application component provider must identify all security dependencies embedded in a component, including:
All role names used by the components that call isUserInRole.
References to all external resources accessed by the components.
References to all intercomponent calls made by the component.