Hi Aaron, I posted couple of messages on this subject. One is geronimo security review on the atlassian wiki (with the help of Hernan) where I propose some refactoring to the login service.
The other one is about externalizing sensitive data out of the deployment plans and creating security vault with different qos. (msg: is deployment plan a secret). I'd like to participate in this work, but do not know what a committee means... Simon
