On Fri, Dec 5, 2008 at 3:22 PM, Adam Winer <[EMAIL PROTECTED]> wrote: > AppDataService.updatePersonData() has a String appId parameter. An > implementation would, most likely, compare the appId here against > SecurityToken.getAppId(), and only permit updating if the two match, but > that's a container policy decision.
Ummm.... if there's only one sensible policy to implement...?
