Right now the security domain configuration has separate sections for JASPI and Classic/Basic authentication. The only difference seems to be that JASPI authentication requires an additional name field per module, and JASPI authorization requires an additional login-module reference. So essentially its a superset. Is there a reason we would not want to just switch to the JASPI style of specification, and eliminate the classic style. A name per login module seems useful anyway. -- Jason T. Greene JBoss AS Lead / EAP Platform Architect JBoss, a division of Red Hat