>I believe that JAAS fixes this adequately. In JAAS a particular Subject, >for example me :-), can have an arbitrary number of Principals attached >to it, for example "Sweden". If I log into an EJB-system which supports >JAAS it should be able to ask Q's such as "does the current Subject have >the principal(=role) 'Sweden'?", and then make decisions based on that. JAAS should help, but there are some minor pitfalls, the only real Role support in JAAS is as you point out Principal=Role, as we had Role support in JAAS and then due to complications it was removed. The other pitfall is that you can have a Subject with multiple Principal, and the problem is the modulation of those Principals and how Subject.DoAs works. Thanks, Anthony Nadalin _______________________________ mailto:[EMAIL PROTECTED] =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
