I think for future iterations of AS5, there is a possibility of providing an external library for integration, that will provide a Rules based authorization implementation for the containers. For the current iteration, I want to provide xacml. Of course xacml engine can be implemented with JBoss Rules. But I feel we should provide the opportunity of using rules directly. What I think is needed are: a) Some type of config to be picked up during deployment that will register the policies/rules etc. This can be a deployer. b) A Rules based authorization module. Thoughts? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141520#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...