1. Figure out if remote kim is possible.
2. set up a kim client, an application that uses kim in remote mode (we currently have some unit tests)
3. define some custom permissiontypeServices and custom roleTypeServices.
4. It might be best to use KFS for this... because they already define both the permissionTypeService and the roleTypeServices.
5. Integrate KFS with standalone rice. Custom servlet that has calls into the IDM service to do authorization checks. Need to make sure it's checking permissions and roles in kim that the rice standalone server will need to call back into the client for. .. ie. Chart/Org. This will test the "round trip" for us. We would want to test the speed of identity and group service operations. Switch kfs to run in embedded kim mode and run the same set of tests to compare the speed results. That will give us an idea of how kim performs in remote vs embedded mode.