I've added my comments.
I don't think we need domain ACLs - it's an interesting concept but it
also worries me a little to have security as an afterthought - it's
intrinsic to the design of the code in some ways (surely if you only
want to give one person access to a subset of the data you also want to
avoid going ahead and retrieving the data in the first place). Perhaps I
misunderstand it's intent.
So, where are we at with this? I don't think its healthy to keep a
branch for too long on something so fundamental as it'll become hard to
merge back in, but is Acegi proving to be both non-intrusive and capable
of doing what we need? What state is it in?
- Brett
On 11/07/2006 8:41 AM, Carlos Sanchez wrote:
http://docs.codehaus.org/display/CONTINUUM/Security
Please take a look and provide feedback on the semantics of what to
secure and to what level.
--
Apache Maven - http://maven.apache.org/
Better Builds with Maven - http://library.mergere.com/
