JSR 375: Java EE Security API works on the following enhancements: standardize user management, syntax for indicating passwords stored in secure repositories with password aliasing, and definition and standardization of a 'role service' API with role mapping. There’s also scope for a new CDI interceptor annotation to perform application-domain rules at the method level or enhancements to authentication. Where feasible synergies with prior JSR 351 (Identity) shall also be explored. In this session we’ll present the current status of this JSR and what's going on in the JSR 375 Expert Group.