If you talk to os kernel folks, they think authentication should happen right at TCP/IP stack level, if you talk to httpd, they will give you an apache module, if you talk to servlet engine folks, they will give you a web.xml descriptor or, if you are lucky, a servlet filter, if you talk to sitemap lovers, they will give you an action.
Out-of-the-blue-thought (and I had way too much wine last night): shouldn't this 'action-in-sitemap' thing be alleviated by an 'orthogonal-to-the-matchers' thing in the sitemap? So that you end up with a section in the sitemap describing the content-generating artefacts, and another one listing the authentication realms, maybe using the same matcher-like constructs describing which portions of the URI space should be protected?
I'm having the slight feeling we are moving stuff into flowscript that can mess up good URI practices.
</Steven> -- Steven Noels http://outerthought.org/ Outerthought - Open Source, Java & XML Competence Support Center Read my weblog at http://blogs.cocoondev.org/stevenn/ stevenn at outerthought.org stevenn at apache.org
