Some of the ideas discussed in the other topic (http://www.jboss.com/index.html?module=bb&op=viewtopic&t=144427) end up in a more general question on how API model objects should be designed/implemented.
Should the Identity/Group/Role objects be plain POJOs or expose some of the management operations?
1) Plain POJOs - Identity/Group/Role objects keep minimal information about Id/Name/Type. They are easily serializable and there are no problems with a closed session (like with detached Hibernate entities). With this approach even the getDescription method should be removed, as it needs a session reference to retrieve the value.
2) Model objects keep a reference to the associated session and expose some of the management operations, like
Group.associateGroup(Group group)
Group.associateIdentity(Identity identity)
employeeGroup.associateIdentity(jackBlack) and identitySession.getRelationshipManager().associateIdentity(employeeGroup, jackBlack)