Currently we use Seraph framework in Confluence to implement our authentication against Nukes DB.
But this framework is not used during RPC call authentication which brings some problems to us (we must store real passwords in conflu DB too which is rather problematic during jboss.org account password change and will not be possible if we switch to true web SSO).
So we should use lower level Embedded Crowd directory reimplementation in Confluence to authenticate everything against Nukes DB.