diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/BasicSession.java b/authentication/source/java/ch/systemsx/cisd/authentication/BasicSession.java
new file mode 100644
index 0000000000000000000000000000000000000000..c738e06377d1e57771cd2226750cdf1b36628a99
--- /dev/null
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/BasicSession.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.authentication;
+
+import java.io.Serializable;
+
+import org.apache.commons.lang.time.DateFormatUtils;
+
+/**
+ * Basic session object.
+ *
+ * @author Franz-Josef Elmer
+ */
+public class BasicSession implements Serializable
+{
+    protected static final String DATE_FORMAT_PATTERN = "yyyy-MM-dd HH:mm:ss";
+    private static final long serialVersionUID = 1L;
+    
+    private final String sessionToken;
+    private final String userName;
+    private final Principal principal;
+    private final String remoteHost;
+    private final long sessionStart;
+
+    /**
+     * Creates an instance from the specified session token, user name, principal, remoteHost, and
+     * session start (in milliseconds since start of the epoch).
+     */
+    public BasicSession(String sessionToken, String userName, Principal principal,
+            String remoteHost, long sessionStart)
+    {
+        assert sessionToken != null : "Given session token can not be null.";
+        assert userName != null : "Given user name can not be null.";
+        assert principal != null : "Given principal can not be null.";
+        assert sessionStart > 0 : "Given session start must be larger than zero.";
+        assert remoteHost != null : "Given remote host can not be null";
+        
+        this.sessionToken = sessionToken;
+        this.userName = userName;
+        this.principal = principal;
+        this.remoteHost = remoteHost;
+        this.sessionStart = sessionStart;
+    }
+
+    /**
+     * Returns the unique session ID.
+     */
+    public final String getSessionToken()
+    {
+        return sessionToken;
+    }
+    
+    /**
+     * Returns the owner of the session.
+     */
+    public final String getUserName()
+    {
+        return userName;
+    }
+    
+    /**
+     * Returns full information about the user.
+     */
+    public final Principal getPrincipal()
+    {
+        return principal;
+    }
+    
+    /**
+     * Returns the remote host.
+     */
+    public final String getRemoteHost()
+    {
+        return remoteHost;
+    }
+    
+    /**
+     * Returns the time when the session has been started (in milliseconds since start of the
+     * epoch).
+     */
+    public final long getSessionStart()
+    {
+        return sessionStart;
+    }
+    
+    @Override
+    public String toString()
+    {
+        return "BasicSession{user=" + userName + ",remoteHost=" + remoteHost + ",sessionstart="
+                + DateFormatUtils.format(sessionStart, DATE_FORMAT_PATTERN) + "}";
+    }
+}
+
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/ISessionFactory.java b/authentication/source/java/ch/systemsx/cisd/authentication/ISessionFactory.java
new file mode 100644
index 0000000000000000000000000000000000000000..614bc1fdd5b0a9d17c61733a56c41565f870425e
--- /dev/null
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ISessionFactory.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.authentication;
+
+/**
+ * Interface for a factory of {@link BasicSession} objects.
+ *
+ * @author Franz-Josef Elmer
+ */
+public interface ISessionFactory<T extends BasicSession>
+{
+    /**
+     * Creates a session from the specified session token, user name, principal, remoteHost, and
+     * session start (in milliseconds since start of the epoch).
+     */
+    public T create(String sessionToken, String userName, Principal principal,
+            String remoteHost, long sessionStart);
+}
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/ISessionManager.java b/authentication/source/java/ch/systemsx/cisd/authentication/ISessionManager.java
new file mode 100644
index 0000000000000000000000000000000000000000..b0c096643eddd34bf1f9d7b267d2f2af896e403d
--- /dev/null
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ISessionManager.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.authentication;
+
+import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.common.server.IRemoteHostProvider;
+
+/**
+ * Implementation of this interface takes care of creating, managing and removing sessions.
+ * <p>
+ * It is a good idea to think about session synchronization when implementing this interface: you
+ * should synchronize access to <code>Session</code> objects.
+ * </p>
+ * 
+ * @author Christian Ribeaud
+ */
+public interface ISessionManager<T extends BasicSession> extends IRemoteHostProvider
+{
+
+    /**
+     * Opens a new session with given <code>user</code> and given <code>password</code>.
+     * 
+     * @return A session token that is used afterwards to get the <code>Session</code> object, or
+     *         <code>null</code>, if the user could not be authenticated.
+     */
+    public String openSession(String user, String password);
+
+    /** Closes session by removing given <code>sessionToken</code> from active sessions. */
+    public void closeSession(String sessionToken);
+
+    /**
+     * For given <var>sessionToken</var> return the <code>Session</code> object.
+     * <p>
+     * You should already be authenticated before calling this method.
+     * </p>
+     * 
+     * @throws UserFailureException If user is not authenticated.
+     */
+    public T getSession(String sessionToken) throws UserFailureException;
+
+}
\ No newline at end of file