Hi everybody,
scanning the thread about authorization I have the impression that two
things are discussed in the same place.
IMHO we have to differenciate between
a) authentication: Who am I? Which groups do I belong to? and
b) authorization : What am I allowed to do?
I think a) should be handled thru Turbine, anticipating that there
will be several 'backends' supported over time (LDAP, NT-auth, etc.)
b) should be done in jetspeed because for every portlet you have to
decide whether it can be acessed or not. This is application specific
and not of concern for other Turbine based projects.
just my 2c.
-rolf
--
Rolf Meinecke Pixelpark Unit Dortmund
Tel.: 0231/552 1459 Fax: 0231/552 1490
this .sig is intentionally left blank
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
