[gatein-dev] clustering sso, exo.profiles and wsrp webservice security

Hi, For wsrp ws-security we need to pass the username and actual password (not token) between the consumer and producer. We need to do what is currently done with the ClusteredSSOFilter and PortalLoginModule when the clustering exo.profile is enabled. What is the current policy for dealing with exo.profiles? I can't seem to find much info on it other than when to use it for the clustering setup. Would it be acceptable to create a 'sso' or 'wsrpsso' profile which would also enable the authenticated credentials propagation in the ClusteringSSOFilter and PortalLoginModule? Or is the profile setup reserved for other tasks? I would rather not have to duplicate this effort in the wsrp code. Thanks, Matt Wringe