Thanks, Jason. Three levels of response to your query about security and validation: 1. Security is something that I would propose track closely with developments from Scott Stark's group. It appears that, from a JB-AS perspective, those folk have this issue nailed. 2. Encryption/Decryption is a separate matter, as the payload of data within JBESB-MX should have the option of using "good old" PKI for encrypt/decrypt/non-repudiation. As you suggest, the door should/would be left open for the user to incorporate the organization's tool of choice (PGP, SAML, XMLDS). 3. Validation is a more content/context oriented operation, requiring (in my view) the Data Transformation (JBESB-XL) to apply standards and user-authored rules to the data payload to validate its structure and content. As to tying in with JBoss AS, my purpose for publishing this proposed infrastructure at this early date is to ensure that nothing is out of line with JBoss' roadmap. Dave View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956992#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...