My problem is that I don't like a multiplicity of names for a single user entity. Instead I'd like much more in the way of attributes being passed in ancillary data like, e.g., authorization-data. I.e., I prefer the Windows/AD model. I get that in general that's a difficult model to apply outside Windows, but still, I prefer it. Nico --