On Thu, Jan 27, 2011 at 11:14 AM, C. Michael Pilato <[email protected]> wrote: > If we have have the option of moving towards case-sensitivity -- that is, a > *more*-precise authz policy -- that seems like a good thing. I'd even be in > favor of making this behavior optional (like the force_username_case option > we already have).
Given that we do wonky things on the client side when cases are mixed in the same path, I think it'd be very weird to make this behavior optional. It's so highly unlikely that anyone is going to want apply rules to "AuthZ" but not to "authz" - especially given that it wouldn't have worked *at all* before anyway. My $.02. -- justin
