> -----Original Message----- > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] > I do not believe there will ever be such a thing as a "generic" > application security solution that meets a large majority of people's > needs. The problem is that the needs (well, at least their > wants :-) vary > too much, so any given "application security solution" is > going to have > its own design limits that people are going to run into.
A nice middle ground that would not require boiling the ocean would be a simple interface that allows callers to add, update and remove users and roles. I find that the only thing I usually need above and beyond the current container-managed security API is the ability to create new users and roles. Every container I've worked with has the ability to make these calls with their own APIs--all the concepts and logical objects are the same--but the implementations basically suffer from name incompatibilities. Cheers, Laird -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
