Hi, We would like your suggestions on the following :- 1. We are developing a simple social impact game with Flex at the front-end and J2EE at the back-end. We have a few roles in the game and hence would like to have Role-Based Access Control. Few APIs we have looked at are Open Web SSO, jGuard, Yale CAS, Atlassian Seraph, Kasai, Garbiel and Acegi. From the documentaion, jGuard looks like the way to go as it supports ABAC(built upon RBAC), but we still haven't tried it. Can someone share his/her experiences with jGuard and other RBAC apis ? 2.Another application we are developing for an organization requires us to enforce RBAC. The roles a user of the application can play varies depending upon his position in the organizational hierarchy. We would like to have all the components of RBAC(static and dynamic separation of duties/support for hierarchies) implemented.How to go about this ? Can an api like jGaurd be used to solve this problem ? A probable solution we found was to represent the organizational structure as an ontology(using some open source ontology editor like Protege), export it as rdf(What next ?) We would like your suggestions. Thanks.