In addition to generalizing the authorization layer, we also need to generalize the authentication layer and have a well defined SSO framework that can be used across JEMS.
The JSR-196 (Java Authentication SPI for Containers) draft has finally seen the light of day and so authentication will also be a better defined as a pluggable aspect of a j2ee container. There is no notion of SSO in this spec however, so as part of update the authentication service to support JSR-196, we also need to consider how SSO via standards such as SAML and Liberty are going to be supported.
Sun announces they will open source some of their sso tech:
http://www.sun.com/software/products/identity/opensso/