Hi, the users should all be stored in MySQL tables, the users table will not be just [username|password|property1|property2], it'll rather be [username] togehter with another table [username|property-key|property-value] where one of the property-keys will be the password. Another property-key will be the user level, which decides what rights the user will have (start processes via the child executors, create new users, etc.), so application behaves depending on users' rights. From that point of view, ldap won't be suited for my needs, so I think, in my case, there's no other way than using MySQL. Although the LoggedIn interceptor in the Hotel Booking example looks very simple to implement, the mechanisms described under http://docs.jboss.com/seam/2.2.0.GA/reference/en-US/html/security.html#d0... look VERY ROBUST and not too difficult to implement. The whole thing will become something like a control panel for websites, mail servers, database servers, etc. I've seen several existing products and they all have their disadvantages, so I will implement my own ideas on that. The cool thing about the whole thing - having postponed the choice of the tools and even of the programming language gave me a lot of time to think about the functionality and the work flows. BTW, I've been playing around with jbossws and it seems to be THE thing for me. :) Also very cool - JBossWS - Authentication is well described in the wiki doc. Thanks, Regards Michael View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4253672#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...