I've started exploring the security aspects of Jetspeed and have some questions & issues. I searched the archive and found some older discussions on a few of these items, but a couple of them went unanswered even in the past.
1. Security Role Browser. Add a role - myrole. After the role is added, select "Permissions". Fill in some of the checkboxes. Select "Update" - you are taken to the list of Permissions NOT the list of roles. That seems wrong. Select "Security Role Browser" again. Select "Permissions" for the role you created. All of the Permission checkboxes are empty - where'd the settings go? 2. Permission Browser. What is the purpose of this? If I understand things correctly, each portlet has its own set of actions, which are controlled by <security-entry>s in the registry. What is the "Permission Browser" doing? Which security role(s) is it modifying the permissions of? Which portlets are these permissions being modified for? 3. Security Browser. Are the "Security ID"s listed in this supposed to correspond to Roles in the "Security Role Browser"? If so, why don't they? If not, how are the two related? 4. Schema questions. The DTD documentation says <portlet-control-entry>s may have <security> and <security-ref>s. To what end? What is the purpose of <security> and <security-ref>s in <parameter> elements of <portlet-entry>s? - Jasen.