more description on security model
diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index aaa1618..8f747e2 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -39,7 +39,7 @@
### A Typical Deployment
- (**Client**)<--https-->(**FortressRest**)<in-process>(**FortressCore**)<--ldaps-->(**DirectoryServer**)
+ (**Client**)<---https--->(**FortressRest**)<-in-process->(**FortressCore**)<---ldaps--->(**DirectoryServer**)
* Consists of three tiers: 1. **Client**, 2. Servlet Container hosting **FortressRest**, and 3. **DirectoryServer** that stores the policy information.
* The **Client** is any HTTP interface that supports the Apache Fortress message formats.
diff --git a/README.md b/README.md
index f5c974b..5a42a1a 100644
--- a/README.md
+++ b/README.md
@@ -255,7 +255,8 @@
These tests will use the Apache Fortress Core test programs to drive the Apache Fortress Rest services.
It works via fortress core's inherent ability to call itself over REST, useful for testing and hopping over firewalls.
- (**FortressCore**)<--https-->(**FortressREST**)<--in-process-->(**FortressCore**)<--ldaps-->(**DirectoryServer**)
+ (**FortressCore**)<---https--->(**FortressRest**)<-in-process->(**FortressCore**)<---ldaps--->(**DirectoryServer**)
+
See *SECTION 1. Prerequisites* of this document for more info on how to prepare a test env.
