"jkurtz.wa(a)gmail.com" wrote : | The Integration point for a JBoss ESB Service could be an action class or Spring Listener class. This class could be the Policy Enforcement Point (PEP) for either authentication or authorization. The PEP would then call out to some mechanism, pluggable of course, to perform the analysis. | I'm not so sure about that. Certainly in Overlord where we have been looking at PEPs from a governance perspective, filters/interceptors seem more appropriate since they can be imposed by the infrastructure. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187764#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...