Brian Krisler [http://community.jboss.org/people/bkrisler] replied to the discussion "Make JBossPDP an interface to allow easier insertion of custom PDP."
To view the discussion, visit: http://community.jboss.org/message/559902#559902
--------------------------------------------------------------
I too am against reinventing the wheel and that is one of the reasons we selected Picketbox/Picketlink as a starting point for our research. When we started, we reviewed all of the existing SAML/XACML solutions in the open source and found that Picketbox/Picketlink put us close to our goal with minimal modification.
As far as why I need to create a custom PDP, there are two reasons (if I missed something that would allow these features in the existing implementation, a pointer would be great!):
1) We need to support attribute-based authorization. The current implementation appears to be role-based authorization.
2) We need to support remote Attribute Authorities. From what I can determine, this would require modification of the PDP to allow for configuration of a known/trusted attribute authority that is not self-contained.
Another requirement I have not started to investigate, but which I think should be supported in the existing PDP, is the integration of a custom rule combining algorithm.
At the moment, the custom PolicyRegistration approach is the route I took. This has allowed me to extend and modify the existing PDP to meet my requirements. It is possible that what I am doing is very specific and not worth modification of the existing implementation.
Hope this helps some in clarifying my intent.
Brian
--------------------------------------------------------------