J2EE is laying the groundwork for single sign-on by providing the J2EE Authorization API in J2EE 1.4 and the newly filed JSR for Authentication - JSR 196. Together, these provide a standard way for integrating the security provided by an app server with the existing security infrastructure of an organization.