Well, JBoss Security is not just security specified by the Java EE specifications. With my active participation as the Red Hat representative on JSR-196 at the JCP and Oasis Technical Committees on SAML, XACML, PKI, EKMI and WS-Federation, I am always exploring new things that will make the users of JBoss security feel more secure and have confidence in adopting JBoss as the platform for secure computing.
Given this, I am always happy to interact with my users. You can always send me an email at anil (AT) saldhana (AT) redhat (dot) com. I may not answer immediately but will certainly get back to you, provided you are talking about some meaningful stuff. New features, new directions, new requirements will all be met with glee while RTFM type questions will be ignored.
I also represent on the Security Context Working Group at the W3C.