> Right now swarm operates the following way: A user is associated with > 1 or more Subjects, each Subject has 0 or more Principals.
This sounds right to me, and is like how JAAS works. A subject is the root/ abstract entity for a user, principals are views or identities of a subject and in JAAS you would represent a role as a principal. As JAAS is the default authorization mechnism in Java, it is arguably the 'industry standard' (for Java). Whether it is what you prefer is another question. I think people find users/ roles easier to understand, but personally I like the more abstracted model of JAAS; whether you want to model groups, roles a combination of the two or even something different, it fits seamlessly. My 2c, Eelco ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user