Right now we are still using the same format we had in previous versions (except replacing application-policy for security-domain). We are not using FQCN for the login modules. We are using aliases for the class names mapped on the ModulesMap interface. Have in mind that this is likely to change when we finish separating authentication from role mapping in the JAAS login modules.