Hi, I'm not sure what's going on with the security code in the rundata_security_changes branch but I think we're veering off a bit:
1. The security model should be completely self contained, so that the new model that you (eric and gonzo) should be completely isolated in the o.a.t.security.turbine package. There shouldn't be any interfaces in the o.a.t.security package except for the SecurityManager. 2. We agreed that SecurityManager is going to be the controlling unit for security. A SecurityManager may use several SecurityModels in an application. I am -1 on the use of Policy as a replacement for SecurityManager: I don't want to use JAAS nomenclature at the top level and I would like to follow the patterns used Stratum and Fulcrum where we have Xmanager. I don't think policy accurately describes what something like a security manager would do. I am about get the fulcrum security stuff working so I would like to push all currently proposed security code into o.a.t.security.turbine so it's self contained and make a new o.a.t.security.fulcrum package where I will bundle all the classes that are bound to fulcrum. The other I had for gonzo and eric is: can't you primarily use what's in fulcrum as a basis and fix what was a problem? I haven't started looking in depth at the proposed code I'm just asking. I know the current security code is problematic but I'd say it's 80% there interface wise. -- jvz. Jason van Zyl http://tambora.zenplex.org http://jakarta.apache.org/turbine http://jakarta.apache.org/velocity http://jakarta.apache.org/alexandria http://jakarta.apache.org/commons -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>