Since J2EE is already laden with all kinds of security functionality, it is unnecessary to provide a second framework for security. It increases the maintenance burden, and decentralizes the administration of the security rules.
In addition, the type of security in this config file is too basic to be truly useful. Caling server side functions is much more about WHO is trying to use the service than it is about what is exposed for use. If Flex wants to add real value in the area of security, it would be in integrating with the *authentication* mechanisms of the J2EE specification, and the various J2EE containers... There are two kinds of applications: internal, and external. Internal applications are for use by the trusted employee, such as back office applications. These applications contain a dozen different modules each having hundreds if not thousands of different functions. An external application is normally a very small fraction of the internal application's total functionality which is shared with certain trusted business partners, or even the general public, depending on the purpose of the application. Flex is a great technology for developing both kinds of applications. We want to rewrite an internal application using Flex, and subsequently offer certain key functions on the internet. Flex needs to be well suited for this scale of development, and config files are a hinderance. Flex also needs to plug in to the rest of the picture. We applaud the use of Java - this is one major step in being pluggable, but a Java server in the enterprise means J2EE - and J2EE is becomming so much more practical for use in any application now with EJB 3.0. Flex should focus on it's niche - building a rich client - and plug in to all of the other good infrastructure which is available rather than reinventing it with limitations. The current version of Flash Remoting is on the right track - let's preserve what is there and extend upon it. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/