I think for future iterations of AS5, there is a possibility of providing an external library for integration, that will provide a Rules based authorization implementation for the containers.

For the current iteration, I want to provide xacml. Of course xacml engine can be implemented with JBoss Rules. But I feel we should provide the opportunity of using rules directly.

What I think is needed are:
a) Some type of config to be picked up during deployment that will register the policies/rules etc. This can be a deployer.
b) A Rules based authorization module.

Thoughts?