According to Tres Seaver:
> At the PAS level, we could add a new plugin interface, something like
> 'IIsUserValid', which would be called just after the roles plugins, and
> which would block returning any user at all if "required" properties for
> the site were not present.
+1
\wlang{}
--
[EM
Hi Tres,
> If it can validate credentials, however those credentials are
> extracted
> and checked, then yes. There is *no* generic requirement that a user
> have any properties.
>
> If your site depends on externally-provided properties to
> generate stuff
> which is"critical" of the application