Looked at the JBossSTSSecurityHandler class, I'd like to propose that we move this kind of handler to the identity federation codebase, along with WSTrustClient class. As I thought this should be reused by other projecs, not only the ESB. Besides, this sort of class should more belong to JBoss STS more than esb itself. In regard to the ESB, the JBossSTSAction and JBossSTSLoginModule should be enough. What do you think? Thanks Jeff View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4255861#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...