Adrian, This really helps. I am starting to see what the api for the integrated permission utility would be. "Trustee" relationship is the word for the relationship between objects (in my case, content records) and party with permissions. In the NDS scheme can trustee groups be hierarchically arranged?
It seems like somethings like Content records would not be appropriate for the LDAP to manage and others, like ContactMechs, might blur the line of what is appropriate. In regards to Bruno's comments, I have not been keeping up with the "framework only" project. Is it going to exclude Party? It seems like permission checking would not be needed in an app that did not use Party. -Al
