These are briefly the 3 use cases that I had in mind when we embarked on the design of the IDM component. 1) Corporate Environment. There is a HQ. All the employees are stored in the model here with the basic global attributes/policies etc. Now in individual offices such as Chicago, Boston etc, the employees have local attributes/entitlements pertaining to that office. They can inherit the global attributes from the HQ (the local office has an "extends" relationship with the HQ). Each time, an employee visits a local office, he gets temporary permissions or a pseudonym in that local office. 2) University Environment All the students of the university have basic permissions/attributes at the univ level. Then individually they have roles/permissions at the department level. 3) Government Environment There is a federal government. All federal employees have basic roles/attributes etc. In individual agencies, they have their own roles/attributes etc. Between agencies, there can be a trust relationship that allows employees to perform actions (maybe under a pseudonym). View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218754#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...