Hi Santiago, I was _really_ surprised to read that the accesscontrol design it is an IBM todo. Oneshould never go on holidays... Nevertheless, I finally found the guy who wanted to do this: I received a JavaDoc for an interface from him - however it shouldn't be called javaDOC as it misses any explanation. He did quit some thinking, but there are no comments yet :-((. The reason why I still checked it in is that in case you're start coding, at least you might get an idea of what he was thinking of. The basic point (and that's where it is different from the turbine permissions approach) is that a access rule consists of _three_ parts: a SUBJECT that wants to execute an ACTION on a OBJECT. If I undersand it right, a turbine permission is the combination of both, an action and an object. The advantage of splitting this in two parameters is that it allows to define a very small set of generic actions that don't have to be extended, when a new type of object is introduced. So again apologies for this check-in, it is embarrassing; I just hadn't the time to look after it. Saw it myself first time only one hour ago. I promise to come back with something useful. ingo. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
