hi ben, thanks for your comments.
> 1. Not everyone uses JAAS, or even wants to use JAAS i agree, apparently that seems to be the case. that's also the main reason why we ended up not enforcing jaas from a jsr-170 spec perspective. so from a spec perspective, we should be open enough i think? > 4. Often alternative OSS security frameworks and > home-grown approaches cannot easily be made integrate > into a JAAS LoginModule with respect to authentication in jackrabbit i am not creative enough to come up with a usecase that cannot easily be wrapped into a JAAS Login Module. Do you have any examples in mind? authorization is certainly a more complicated issue. regards, david ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer