In 1.3 (I must start each post with that), we have no security.
Yet. The plan is to allow additional XML at the Resource level, either in resource.xml or another file. (I have not decided which is better for administration and performance, but I am leaning towards adding it to resource.xml.) Each Resource can have its own deny and allow lists. Accessing an unauthorized Resource returns Sorry (with the option to login if the visitor is not logged in.) The SitetreeGenerator will not include unauthorized Resources, or any of their descendants. The initial design will allow access control by User, Group, or Role. An enhancement will specify inheriting the ACL from another Resource. The "admin" Role and/or Group automatically bypasses all security (to prevent Resource from being lost.) A later enhancement may allow inheritance from the parent in the current Structure, but I am uncertain of that feature's usefulness. It could get complicated when a Resource has multiple parents in a Structure. Can security be maintained when the accessibility depends on varying conditions? What about Modules using a flat Structure (such as Search)? The relevance to 1.4 is that if documents are being maintained in a flat storage (such as access by UUID), security must be at the document level. solprovider --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
