"1. On the Sample App page you say "The StockTrader Client and the [Passive STS] are managed by the online bank". I was under the impression that the client app would be managed by the brokerage firm and only the Passive STS would be managed by the online bank. This is also present in #4 of the walkthrough."
It would seem to make more sense that way, inasmuch as it wouldn't make a whole lot of sense for a bank to put all that effort in building their own client as opposed to simply branding one that the stock broker had already created. Those statements were based off the diagram at the bottom of the second page of the spec attached to STONEHENGE-73 [1]. Am I misreading that? Is it talking about a Bank website (that is not a part of the sample) that links to the StockTrader client (managed by the broker)? "2. On the Sample App page I think we should add a Step 14/15 for the OPS updating the order record to closed and the Client app checking every page cycle for any newly closed orders and displaying them in the alert." Done. - Nick Hauenstein [1] http://issues.apache.org/jira/secure/attachment/12412416/Changes+to+Apache+Stonehenge+to+Support+Claims+Based+Security.pdf
