ABOUT THE SPEAKERS Sudhir Bhojwani is a senior architect working for BEA Technical Solutions Group. He has over eight years of industry experience architecting and designing systems based on component technologies like CORBA and EJBs, and most recently working on SOA principles. Sushil Shukla is a principal architect working for BEA Technical Solutions Group. He has 19 years of industry experience and 9 years of architecting and designing application server-based large systems. He has extensive experience with tools and technologies used in developing mission-critical applications. Sudhrity Mondal is a principal architect working for BEA Technical Solutions Group. He has 14 years of industry experience and specializes in Java technology, enterprise integration solutions, object-oriented software design, and development and software patterns. He has helped prominent BEA Customers to architect, design, and implement new systems using Tuxedo, J2EE, and Web services over the past eight years. SESSION DESCRIPTION Even though WS-* security standards (WS-Security, WS-Trust, WS-SecureConversation, WS-Policy, etc.) are sufficiently prescriptive on specific security subjects like signing, SOAP message encryption, and request/receive security tokens, they do not provide end-to-end security protocol that Web services can depend on to meet their security requirements. The most significant gap is identity propagation from a Web service into a J2EE container. Current JAX-RPC specification or JSR 109 does not cover this issue. This presentation identifies the gaps and discusses the approaches to plug these gaps. It also discusses implementation of a solution for identity propagation from client to Web service and from Web service to J2EE container.