I'm not sure how Flex handles security. How does Flex work
with other security systems, such as Identity Management, SSO, ...?
Does Flex use the security module built in the browsers or use its
own? Should we build our own login system in Flex?
After a user logins to an application, the user should see
the UI he/she is allowed to see. Should this UI be controlled by
states on client side or by the login server? Should login UI and
application UI be separated in two applications?
I do not know how comprehensive the Flex security is. It
should include authentication, authorization, cryptographic,
encryption, SSL/TLS, certificate, digital signature, ...