"anil.saldhana(a)jboss.com" wrote : It is just one of the use cases possible. | | It should be pretty straight forward to implement this use case as a valve/servlet filter and tie it with the container security. | | The question would be what trust information gets associated with the user name that floated in? Maybe the digital signature of the sender with whom the IDP has trust relationship..... I'm more concerned about the user identifier, SP-1 could have use the username identifier while SP-2 could use the email as the identifier then there is a problem by matching the identifiers. Does any know if there are a standard for these? I have been looking at the "Name identifier Management Profile" but not sure if it's the adequate, as I see it to open and want avoid creating something none standard. Maybe a kind of alias service that manage the mappings of ids related to unique identifier... View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4217129#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...