On May 4, 2009, at 12:31 PM, Adrian Crum wrote:
David E Jones wrote:
1. artifacts responsible for their own security (especially
services and screens), and security permissions are referred to
directly (ie the actual permissions are configured directly in the
XML tags for the artifact)
If this is referring to my proposal, it's not accurate. It should be
more like:
1. Artifacts (any screen widget, service, or entity) are security-
aware and exhibit default behavior based on a user's permissions.
Sorry, I meant #4 to be closer to what you were presenting. #1 is a
super-simple model like we used a long time ago and just had
permission checks with literal permission IDs in service defs (or
implementations) and in screens and such.
-David
