We currently use the required_identity in the logical HTTP target; but this should no longer be necessary. Instead, we should simply use this header as a means to validate that endpoint being used has this identity and fail if it does not.

We should:

• Remove this field from the outbound target types
• Add a new layer on the endpoint stack that checks+clears this header for each request against the endpoint's identity value.
• Throw an error on the request if the endpoint's identity doesn't match the value in the header
• Handle the error with all other error handling (probably a 4XX error?)