Andrew Zeneski wrote:
I never even considered such a thing when I started working on the process based designs because I was taking ease of migration into consideration. Changing from plain permission checks to a more process based permission string was large enough. However, my point is that if we are considering ways to change all the artifacts in OFBiz and how they deal with security it can be done with either of the two proposals.
I think the current feeling is, a completely different approach would be acceptable if there is significant advantage to it. And if we do settle on something completely different, then a migration service would be mandatory.
-Adrian
