On 3/15/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
On 3/15/07, Alex Karasulu <[EMAIL PROTECTED]> wrote: > This totally stinks for now but you're right it's the only way currently. I > could expose an API to just request a context without authentication however > this would allow stored procedures in the server to do that as well and > assume any user. Yeah, I kind of knew that. Really, the only way to restrict access intra-VM is to get into the whole code permissions thing. Incidentally, this is handled nicely in the OSGi service platform. People have different ideas of what OSGi is; perhaps modular bundles, jar metadata, etc., but when it comes down to it, it is a comprehensive framework. Like any good framework, written by experienced developers, you find yourself needing certain functionality that it already has a story for. In this case, we could use bundle permissions to restrict access between, for example, an LDAP protocol provider bundle and a core DIT bundle.
We have to find a place in the roadmap for OSGI, that's for sure ! I bet that the best timing to start a first drop of OSGi code will be after 1.5.0release, around may or june. Emmanuel -- Cordialement, Emmanuel Lécharny www.iktek.com
