Could you describe more the usecase?
GateIn or other system. There may be a policy for how many times a login attempt can fail. If greater than certain attempts, lock the account.
Typically this lock in policy may be part of the ldap attribute. But it will be cool for the IDM framework to model/account for this feature.
Sounds good but my concern is how much "logic" should be put inside IDM. People are also asking about putting security kind of logic which I would like to keep outside of the core framework. Such feature would probably fit into some kind of callback mechanism which would enable to add pluggable logic.