hi ben, thanks for your comments.
> 1. Not everyone uses JAAS, or even wants to use JAAS i agree, apparently that seems to be the case. that's also the main reason why we ended up not enforcing jaas from a jsr-170 spec perspective. so from a spec perspective, we should be open enough i think? > 4. Often alternative OSS security frameworks and > home-grown approaches cannot easily be made integrate > into a JAAS LoginModule with respect to authentication in jackrabbit i am not creative enough to come up with a usecase that cannot easily be wrapped into a JAAS Login Module. Do you have any examples in mind? authorization is certainly a more complicated issue. regards, david
