The ESB security will certainly support AS security.
Are there any other capabilities than the existing ones in the AS?
What's the relationship between de AS security and the JBoss security project??
Thank you very much Mark.
P.S.: excuse my english.
There are other security specifications and standards that we will support. For example, OASIS WS-SX will be the standard for Web Services and we will try to leverage that within the ESB, even when you're not using SOAP and WSDL.
How should we handle the concept of authorization? Seam has recently gone to the concept of using JBoss Rules in its new security framework. Perhaps we can leverage some of those concepts as it relates to service lookup and service invocation (what your group can see, what you group can call).
We could certainly look at JBR as a basis for an implementation. However, we need an abstract notion of authorisation and security in order to allow other implementations to be tied in.