> A message may only be in one pool. There is no way for a message to escape
> the pool (e.g. resend cannot change the pool) and any replies (or comments in
> FB parlance) are in the pool of the original message (this is for
> performance and security purposes.)

Cool - this means that each Access Control List (ACL) can exist as an object. Multiple messages in the same thread will reference the same ACL object. The SecurityManager can use a cached map of "(User, ACL) -> Permission", e.g. "(dhague, ACL_1b3cd5e) -> Read" which will improve performance over evaluating the ACL fresh each time.

- Darren
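The cached "(User, ACL) -> Permission" map described in the reply above, as an added Python sketch that is not code from the thread or the project. The class shapes, the `version` counter and the default-deny rule are assumptions; the counter is there so a cached decision is not served after the ACL has changed.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Permission(IntEnum):
    NONE = 0
    READ = 1

@dataclass
class ACL:
    acl_id: str
    grants: dict = field(default_factory=dict)  # user -> Permission
    version: int = 0

    def set_grant(self, user, perm):
        self.grants[user] = perm
        self.version += 1  # any change makes cached decisions for this ACL stale

@dataclass
class Message:
    body: str
    acl: ACL  # the pool's ACL object

    def reply(self, body):
        return Message(body, self.acl)  # replies stay in the original's pool

class SecurityManager:
    def __init__(self):
        self._cache = {}  # (user, acl_id) -> (acl version, Permission)
        self.evaluations = 0  # counts full ACL evaluations (cache misses)

    def _evaluate(self, user, acl):
        self.evaluations += 1
        return acl.grants.get(user, Permission.NONE)  # assumed default deny

    def permission(self, user, message):
        acl = message.acl
        key = (user, acl.acl_id)
        hit = self._cache.get(key)
        if hit is None or hit[0] != acl.version:  # miss, or ACL changed since caching
            hit = (acl.version, self._evaluate(user, acl))
            self._cache[key] = hit
        return hit[1]

def demo():
    # Constructed sample: one thread (original + comment) sharing one ACL object.
    acl = ACL("ACL_1b3cd5e", {"dhague": Permission.READ})
    root = Message("original", acl)
    comment = root.reply("comment")
    sm = SecurityManager()
    before = [sm.permission("dhague", m) for m in (root, comment)]  # 1 evaluation
    acl.set_grant("dhague", Permission.NONE)  # revoke; next lookup re-evaluates
    return before, sm.permission("dhague", comment), sm.evaluations
```
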
