The JAAS Howto describes how the security context is propagated between two JBoss servers. It's up to the authentication layer, typically JAAS login modules, to deal with trust.
In J2EE, the security context is only coupled to RMI/IIOP transport and so there is not a general security context notion that applies for all J2EE server interactions currently.
Are you aware of any third party or open source implementations of JAAS that facilitate trust relationships between two distributed J2EE applications?
I would much rather opt for a proven solution were one available than develop one from the ground up; the danger of opening up a major security flaw by developing a naive JAAS implementation troubles me.
Should there not be an implementation of JAAS with trust available, are you aware of an appropriate trust protocol that would map well to JAAS and J2EE to give me a head start?
This is outside of the scope of JAAS. It has to be done at a higher level like XACML, which has an open-source impl: http://sourceforge.net/projects/sunxacml. JAAS is just the integration point for the authentication callout.