@Tom, anonymous wrote : right ? right anonymous wrote : * to make it pluggable for LDAP as well, all the relations would have to be navigated over the session facade as well. that on itself is not a big deal, but it breaks a bit the simplicity that we get by systematically using the hibernate persistence architecture. So? Ditch it... (just kidding) I bet in real live few people will use the identity service as it is. Isn't that why Alex had to build an ldap impl? I have no real preference but it really needs cleaning up @Alex anonymous wrote : Is this the kind of cleanup you did? Exactely... IdentitySession got ditched, IdentityService configurable via jbpm.cfg.xml but the difficult part is the User and Group object dependency. If I create interfaces for those (they moved from the identity project to the core in my case), hibernate complains about the mappings and I'm to little a hibernate expert to fix that at the moment... anonymous wrote : | Earlier I proposed merging ExpressionSession into IdentityService. On a second thought, the separation between the interfaces also corresponds to the separate requirements of each client of the identity service. Identity implementors could choose to implement only those interfaces that correspond to the features in use. Hmmm I think I understand what you mean, but because of simplicity, I'd still merge them. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137218#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...