Remy, Anil, (I'm cc'ing jboss-dev for archive purposes) Sergey , a new web services/resteasy hire, has done some great work around OAuth lately. I'm interested in taking his stuff to the next level and make it consumable in a way JBoss AS users are used to configuring security. Specifically, I'm interested in defining a OAuth login-config/auth-method within web.xml i.e. <login-config> <auth-name>OAuth</auth-name> <realm-name>...</realm-name> </login-config> This would be an initial step, eventually I'd like to be able to configure a web app to support multiple authentication mechanisms, so that one URL could support both OAuth and traditional clients. Is JSR 196 the way to do this? Do we support in AS6? Is there doco someplace? (I couldn't find with a search). Thanks, Bill -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com