I've just written up a proposal about Guvnor's identity and security at http://www.jboss.org/community/docs/DOC-13404. I think maybe it is better that I call it requirement thoughts? ;-)
Please let me know what you think of it.
Sorry for the late response as I was on vocation.
Baiscally, I will define the Guvnor specific identity API, like User, Role etc, then will use the common identity project as default implementation.
I will post more here after I finish them, as I will use the gwt-rpc protocol to talk to server side. right now, I just use the GWT-EXT to have some UI with mock data to illustrate my thoughts on its requirement.
|Retrieving data ...|