"scott.stark(a)jboss.org" wrote : This has to be driven by the security aspects and the usecases I outlined. The SecurityAssociation is at best an implementation detail of some aspects. We should be looking to propagate security context info via the invocation payload rather than thread locals. | Yes, that I understood with your previous feedback. That is where the complexity arises with run-as propagation. Apart from RAI, what other trust associaters need to be sent via the payload. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3991436#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...