> -----Original Message-----
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]

(First off, I take your point, but am just stupid enough to think that an implementation is nevertheless possible. The following is just to spur further thought.)

> What's a "user" (i.e. what properties does one have)?

Exactly what it is in container-managed authentication, e.g. a Principal. Container implementations could hold whatever the container decides they should hold. *That* data would *not* be portable across containers--only the Principalness would be, and the addUser(Principal) method (or some such).

> What's a "role"?

Exactly what it is in container-managed authentication, e.g. a String.

> How about "groups"?

Groups are roles, just as they are in container-managed authentication.

> Oh, and now I need SSL certificates.

No, not necessarily, because container-managed authentication via the mechanisms supported out of the box does not need them.

(And so on.)

Cheers,
Laird