In general I agree but it makes the deployment more complicated because the authentication differs from container to container.
The container-specific part of the configuration varies, but it's usually not that complicated. And everyone who has ever deployed a J2EE webapp should know it well.
Anyway, the current implementation of authentication in Linotype is a toy, so you'd have to rewrite it for a realistic deployment, and whoever wants to deploy Linotype using a different user repository, LDAP for example, or support single sign-on, would have to rewrite it once again.
J2EE has a standardized, declaratively specified, authentication mechanism for web apps, that is good enough for Linotype and most apps. Why reinvent it?
We would need to maintain examples for the different containers... The login page might also need to be different per container.
We can easily provide a configuration for Jetty, since that's what we distribute for running the examples (I already did and will commit it soon). Adding another one for Tomcat wouldn't be a problem at all.
I am talking specifically about a file-based user realm, no JDBC so there would be no dependencies.
WRT the login page, I routinely use the same page for Jetty and Tomcat, so I suppose it's standard. But you can always use BASIC authentication and do without a login page.
But wouldn't this limit us to the particular "features"/stuctur of that markup. (Well, except using a different namespace) And what is the benefit? We could save a transformation.
Atom (and I think also RSS 2.0) can be extended with elements from other namespaces, indeed. And we could also ask for changes to the Atom spec, since it's still in draft stage. Anyway, what do you suggest that we use as an alternative?
Ugo
