Hi there, I think we all know this. The problem is really how the Church wants us to proceed in this. If we want an 'open-source' project to be used within the boundaries the Church has to abide by we need to know those boundaries.
I for one know there are a lot of boundaries based on the various countries the Church has a presence in. So to just dismiss it as something we shouldn't be discussing is like sticking your head in the sand. The structure of the security is not being discussed here, but the boundaries. BTW Linus didn't create Redhat it is just one instance of a Linux distro. Kind regards, Manfred Riem [EMAIL PROTECTED] http://www.manorrock.org/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of A. Rick Anderson Sent: Wednesday, June 07, 2006 10:23 AM To: LDS Open Source Software Subject: Re: [Ldsoss] Scout Tracking There are fundamentally two architectures. Standalone and online. Any discussion we can have about the merits and demerits of both have been repeated ad-nausea for every application since the birth of the Internet. If we try to boil the ocean on the first pass, the project is doomed from the beginning. Can you image what would have happened if Linus Torvalds had tried to release Red Hat as a replacement to Minux? Get something that works well and that installs well on a local machine. Refactor it so that the business tier, the presentation tier and the model tier are distinct. Drop it on a disconnected appserver and add an additional presentation tier to prove that the refactoring is sufficient. It won't be, so count on additional refactoring. Now you have a functional solution that is worth debating security/privacy/convience issues about taking online. The worst case scenario is, you have a solution that works for you, and that others can install and that will work for them. Pushing security concerns into the application logic itself, is IMHO, absolutely poor design!!! Security and security policies are cross-cutting concerns that should be done declaratively in a security policy manager, or at worst, in the appserver. As a ward member, do you really want to have to log in and validate against every piece of functionality restricted to members on the church website. Ex: Once I log in once, switching to the ward webmaster mode doesn't require a new authentication. Why? Because the authentication is done at the middleware layer, not the individual application layer. -- A. Rick Anderson _______________________________________________ Ldsoss mailing list [email protected] http://lists.ldsoss.org/mailman/listinfo/ldsoss _______________________________________________ Ldsoss mailing list [email protected] http://lists.ldsoss.org/mailman/listinfo/ldsoss
