> Raj Kumar wrote:
>
> > hi dirk,
> > I wonder if the change you made in the Domain.xml file is required. On
the
> > slide documentation
> > page at http://jakarta.apache.org/slide/security.html it says at the
end
> > in the NodePermission section
> >
> > Subject: Subject of the permission. This can be either the uri of an
object
> > in the namespace, the name (or interface class name) of a role or a self
> > permission (in which case the subject is equal to "~").
> >
> > Since the subject can have the name of the role(defined in the roles
> > section) as its value i think what was meant
> > by line <permission action="/actions" subject="root"/> is that all
users
> > having the root role have permissions to all actions of the root
node("/").
> > And this makes sense because instead of having to list all the possible
> > users who have a permission you can just list the roles that the user
has to
> > have in order to have a permission.
> > thanks,
> > rajkumar
>
> Yes, but I don't like the current role implementation and don't think
people
> should use it.
> As you can see there is also no support for it in the webdav code.
> But I'll add an example of a role permission and add some comments.
> I'll have some ideas for improving the roles and security in general but
it will
> have to wait until after the release, if it gets in the general version at
all
> because it will change some interfaces.
Maybe it will be possible to change the interfaces after 1.0.
After all, the next release will probably include a lot of major new
features (Delta V, DASL, to name just a few things ...), so we could decide
the next one will be labelled 2.0, in which case we can break the API.
Remy
