To Banq, 100% about your point on cache, there is no sinle pattern can be applied universally, so it's always a tough job to get it done right on complex system.
Glad to hear that the progress on your security framework, but I feel your target is far beyond simply enforce security for main stream business applications, It's for auth controlling type applications or for applications that have extensive exposure to hierachical management, flow control etc.
Just one wish, make sure it's easy pluggable to third party system,(Topas has only a simply security config, but I will create a interface call BanqSecurityContext to be integrated in future) Oh, it should be 100% bug free ;-)
Good to get your confirmation on jbuilder popularity, I guess that's why you intend to use Jbuilder as IDE for plug.
I wish I have more free times, all my times in past month are sucked into preparing for next EAI system(In China), especially on XML transformation performance issues. but so far I have no confidence about their(developers) acceptance of using XML.