Currently, the Identity bean can be configured to live either in

• Session scope (the default, for web), or
• Request scope (the stateless mode, for remote client applications).

The scope configuration should be more flexible, allowing also other custom scopes.

For example, DeltaSpike features a Window scope, a normal passivating scope. It makes sense to want to have a window scoped identity, to enable a user-per-window application (like Google does). Currently this is not possible with PicketLink.

The IdentityBeanConfigurationBuilder could be expanded with a method such as

scoped(Class<? extends Annotation> type)

which would check whether the given annotation is @NormalScope(passivating = true).
It should also be documented as mutually exclusive with stateless() and scoped would take priority if both would be used (or it could be a definition error).