Just trying to clarify a couple of the requirements for securing the management APIs to AS7. For both the HTTP and the Remoting APIs would the connections from the clients be maintained or a new connection established for each operation? I am trying to establish here if we are going to need our own authentication cache - if the connections are kept alive then any established identity can be held with the connection for future invocations but if we are regularly establishing new connections we are going to need an alternative caching mechanism to prevent repeatedly calling out to the back end repository of users. Regards, Darran Lofthouse. _______________________________________________ jboss-as7-dev mailing list jboss-as7-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-as7-dev