Alex Boisvert wrote: > I would much prefer if we could assert the user/roles as a guard to the > <receive> instead of having to use <if> later in the process
Not that anyone has asked, but for this I would prefer declarative, managed, security, too. > I would also suggest using the standardized NIST RBAC terminology (user, > role, permission) because it's most widely used and more intuitive (and > business friendly). "Credential" seems to be the most common term used > for proof of identity and authority. Is this something that should be developed by Ode, per se, or something to be raised in BPEL working groups? What are the standardization efforts in this domain? I do come across http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4032037 http://portal.acm.org/citation.cfm?id=1173062 http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedin gs/&toc=comp/proceedings/icws/2006/2669/00/2669toc.xml&DOI=10.1109/ICWS.2006 .21 FWIW. --- Noel
