On 9/10/07, Alex Boisvert <[EMAIL PROTECTED]> wrote:
>
> On 9/10/07, Assaf Arkin <[EMAIL PROTECTED]> wrote:
> >
> > To invoke/receive activity we add a principal attribute that can reference a
> > principal. On receive, assigning from inbound message to the principal, and
> > on invoke assigning from principal to outbound message.
>
> I would much prefer if we could assert the user/roles as a guard to the
> <receive> instead of having to use <if> later in the process and having to
> loop back to the <receive> in case the assertions aren't met.

Assertions are orthogonal to this. The first question that needs to be answered is: do you stuff it in the process, or in the service layer? I'm personally inclined to go with the service layer. Whatever you invest there will work for your processes and Java code and anything else you can put behind a service.

> I would also suggest using the standardized NIST RBAC terminology (user,
> role, permission) because it's most widely used and more intuitive (and
> business friendly). "Credential" seems to be the most common term used for
> proof of identity and authority.

Credentials are proof of identity, not authority. Credentials you can use in HTTP Authenticate header, to open FTP connection, access e-mails from a POP3 server, and so forth.

Assaf

> alex
