Hi Bertrand It's not just about about multi-user. Even we would say that we want Stanbol only to be a stateless single-user engine we might still care about handling java security correctly in case we want to support our modules being integrated in other applications. So the issue would not just about doping authentication but also to significantly reduce reusability of the Stanbol components.
Take for example a logging system. Typically a library that provides no support for multiple-user. Yet such a library has to care about not requiring any unexpected permission on logging. Cheers, Reto On Mon, Apr 8, 2013 at 12:11 PM, Bertrand Delacretaz <[email protected] > wrote: > Hi, > > I'm trying to understand the disconnect that we're seeing in the > security discussions...isn't that more about the following two modes > of using Stanbol? > > Single user Stanbol: > A stateless engine that's accessed by trusted systems, which are > supposed to handle security and access control by themselves > > Multi-user Stanbol: > An engine that's accessed by non-trusted users and might store their > data, so needs security features, user management, etc. > > Agreeing on these two usage modes might help us have more constructive > discussions, IMO, about features that multi-user requires but > single-user doesn't even want to see. > > -Bertrand >
