I think this is a great idea. I for one am running into issues where SASL authentication cannot dovetail into JAAS. But I still want to use the common authorization system, which I think is still a good fit, as well as the central identity repository (whatever it may be).