I can't imagine how we could agree on the common identity model. Everyone needs slightly different identity entities structure, relations or even attributes/properties. Look at what Sun has in JES (Java Enterprise Systems). Whatever you deploy (portal, mail server etc.) you always have Access Manager (opensourced as OpenSSO) that acts like a black box to handle all the identity operations. Behind it you can plug a number of different identity stores. If you look at the API you'll see that while it defines few kinds of entities (user, role, group) the relations and attributes are not really strictly defined. So you can query two objects about what the relation can be. And in their scenario AM handles both identity and permissions. IdM is quite huge thing and I don't know if we want to start a home grown solution right now. Its not something easy to implement to have "fit all projects" solution. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098368#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...