Hi Ian, I have reviewed your documents ([1], [2], [3]) and I found them very interesting. I'm also interesting to see your "Dynamic group" feature present in Sling. I'm sure that many Sling users will appreciate this feature. For example, it is a good solution for my current Sling based project.
So, what do you think if we try to integrate this feature in Sling (comments from others will be also appreciated) ? I have also some questions on the current implementation of a DynamicPrincipalManager. 1/ the method hasPrincipalInContext has 3 arguments (the principal name, the aclNode & the userId). I think it should very useful (at least for my project) to have also the Subject as parameter of this method. 2/ In some case the aclNode is not sufficient. It should be nice to have also the node or the path for which the check is asked. What do you think about that ? Christophe [1] http://confluence.sakaiproject.org/display/KERNDOC/Sling+AuthZ+Implementation+Plan [2] http://confluence.sakaiproject.org/display/KERNDOC/Configuring+Users+and+Groups [3] http://github.com/ieb/open-experiments/tree/master/slingtests/osgikernel/bundles/server/
