I have started some research around using Policy to enable some security capabilities to Tuscany Web 2.0 extensions, and have identified some initial scenarios as listed below:
Scenarios: Web 2.0 application requires that a user get authenticated before it can access the application. Web 2.0 application requires that all communication between client/server be done using SSL. A given service, exposed using a web 2.0 binding requires user authentication. A given operation, exposed using a web 2.0 binding requires user authentication. Please let me know if you have other scenarios in mind. -- Luciano Resende Apache Tuscany Committer http://people.apache.org/~lresende http://lresende.blogspot.com/
