I want to dedicate this thread to discussing the domain model settings for the identity model (user/roles/groups) in AS7.
The concepts behind PicketLink IDM are:
a) Identity Object (user, role, group)
b) realm
c) Identity Repository inside a realm
d) one or more Identity Stores (DB/LDAP/Memory etc) for a repository.
e) Attributes possible for an Identity Object.
Given this, I think the following is a good start at configuring the idm component.
<idm>
  <realm name="">
    <repository name="">
      <store class="DB|LDAP|Memory">
        <option><name>N</name><value>sdsd</value></option>
      </store>
    </repository>
  </realm>
  <realm .../>
  <realm .../>
</idm>
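
A sanity check for the layout proposed above, as an added example that is not part of the original post and not PicketLink or AS7 code. The realm, repository and option names in the sample are constructed placeholders, and the rules (named, unique realms; at least one store per repository; store class limited to the three listed values) are assumptions read off the concept list.

```python
import xml.etree.ElementTree as ET

ALLOWED_STORES = {"DB", "LDAP", "Memory"}  # the three store kinds named in the post

# Constructed sample: every name and value below is a placeholder.
SAMPLE = """
<idm>
  <realm name="example-realm">
    <repository name="example-repo">
      <store class="LDAP">
        <option><name>example-option</name><value>example-value</value></option>
      </store>
      <store class="Memory"/>
    </repository>
  </realm>
</idm>
"""

def validate_idm(xml_text):
    """Return a list of problems; an empty list means the layout is consistent."""
    root = ET.fromstring(xml_text)
    if root.tag != "idm":
        return ["root element must be <idm>"]
    problems, seen = [], set()
    for realm in root.findall("realm"):
        rname = (realm.get("name") or "").strip()
        if not rname:
            problems.append("realm without a name")
        elif rname in seen:
            # Two realms with one name would make identity lookups ambiguous.
            problems.append(f"duplicate realm {rname!r}")
        seen.add(rname)
        for repo in realm.findall("repository"):
            label = f"{rname}/{(repo.get('name') or '').strip()}"
            stores = repo.findall("store")
            if not stores:
                # "one or more Identity Stores" per repository
                problems.append(f"{label}: repository has no store")
            for store in stores:
                cls = store.get("class")
                if cls not in ALLOWED_STORES:
                    problems.append(f"{label}: unknown store class {cls!r}")
                for opt in store.findall("option"):
                    if not (opt.findtext("name") or "").strip():
                        problems.append(f"{label}: option without a name")
    return problems
```

Rejecting the configuration at load time when the list is non-empty keeps a mistyped store class or an empty repository from silently leaving a realm with no usable identity store.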