JSR339 will provide a Client API and will target inclusion into Java EE 7. Java EE defines a client container. For EJB it defines the use of JAAS, so a client GUI could show a dialog asking for a password when asked by JAAS to do that, then the ACC forwards the credentials to the server with any further EJB invocation. For JAX-RS clients running inside the ACC the same must be possible, i. e. as a reaction to WWW-Authenticate the JAX-RS client must trigger JAAS which in turn asks the provided callback handler to show the login dialog or to return the stored credentials, and then must send the same request again with Authorization: header. It must not be the client application's job to configure the Client API to do so, just as it is not it's job with EJB currently. Again, this feature is only requested for applications running inside of the Java EE Application Client Container. Thus, the JSR339 specification must add a chapter about the deployment target "Java EE Application Client Container" in parallel to the existing target "Java EE" which currently only talks about the server side.