"anil.saldhana(a)jboss.com" wrote : 1) SSL/TLS should be available on the transport as a choice and not default. Yes, this is what I intended to say. "anil.saldhana(a)jboss.com" wrote : 2) I am interested in encryption provided as an option when the ssl setup is not acceptable and/or user just needs to avoid man-in-the-middle attacks. An issue with encryption is symmetric key management. This is where SRP is interesting. One end does userid/pwd. The server does prime numbers. They interact and agree on a session key. | 3) SRP can be done as a JCA provider for GSS. As far as I know, SASL does challenge/response. So SRP should fit in pretty easily. There is code already written by Scott (probably in the varia module) that can be adapted. OK, so an SASL marshaller would cover this. My understanding is clearer. Thanks for the feedback. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060929#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...