Security in Java EE has long been under used and under specified. The existing set of specifications range from overly complex to non-existent. The result is almost no one uses Java EE security. Java EE 8 is upon us and with it brings another opportunity to clean the slate and create something useful. This working session is intended to get attendees quickly up to speed with the current state of affairs, poll information from the audience then pose the question of how do we move forward?