This document discusses developing a security framework for JavaServer Faces (JSF) 2.0 based on the OWASP Enterprise Security API (ESAPI). It introduces ESAPI and JSF, describes how ESAPI can be integrated into JSF at the model, view, and controller levels, and outlines the project goals of providing an ESAPI library to reduce developer work and securely implement features like authorization, validation, and filtering. It presents demos and concludes by seeking feedback on addressing common JSF vulnerabilities.