I'm glad I'm doing this presentation/demo screencast thing. Its flushing out some issues already: The AccountService registered a specific application to the realm. users are required to have a account service role to be able to access the acct mgmt page. We may end up having more default applications in the future and default roles in the future. Because of this the import format needs to change. Application scope and role mappings are contained under the ApplicationRepresentation. These need to be broken out and placed within the RealmRepresentation instead. So, RealmRepresenation would have: Map<String, UserRoleMappingRepresentation> accountRoleMappings; Map<String, ScopeMappingRepresentation> accountScopeMappings; Key would be the account name. Also, I'm going to have a "registrations" field in addition to the "users" field. It will be the same as the "users" field except that created users will have default realm and application roles applied. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com