On Fri, Dec 5, 2008 at 3:56 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 5, 2008 at 3:22 PM, Adam Winer <[EMAIL PROTECTED]> wrote: > > AppDataService.updatePersonData() has a String appId parameter. An > > implementation would, most likely, compare the appId here against > > SecurityToken.getAppId(), and only permit updating if the two match, but > > that's a container policy decision. > > Ummm.... if there's only one sensible policy to implement...? > I could imagine a container that supports groups of associated applications, e.g., one company that implements 5 complimentary gadgets, and allows reading and writing among that group. Yeah, it's a stretch. -- Adam
