On Tue, Sep 18, 2012 at 7:45 AM, Rupert Westenthaler <[email protected]> wrote: > ...So your proposal is to introduce "Security" on the Component level....
It might be useful to agree on the overall Stanbol security model in a wiki or website page before digging into the details. Case A: I don't care much about access control if using Stanbol as a stateless content enhancement engine, as long as each request is isolated from others I'm fine. I want a lean Stanbol in this case, maybe even embed its bundles in my Sling or other OSGi-based application. Case B: the picture is very different for someone who wants to use Stanbol as a content store, where you might need granular access control. You could easily turn Stanbol into a complex content management system here, with the correspondingly complex security features. IMO we need to define the possible security levels to cover the spectrum of A to B, based on use cases, before (potentially) bloating the Stanbol codebase with things that case A doesn't need. -Bertrand
