Eric, Thanks for the summary. It clarified a few grey areas.
[ Eric Dobbs ] > The harder I look at the JAAS terminology and model, > the more it makes sense to me. That's why I keep > pushing it. I think it is fairly well thought out and > worth trying to understand. I have spent the last few days researching the JAAS and have to confer with Eric. JAAS is an extremely well thought-out and flexible authentication and authorisation framework! Why try and re-invent the wheel? JAAS seems to provide the flexibility I require: * Single login. * Authentication to an LDAP Certificate store over SSL (LDAPS). * LDAPS, or possibly Database, based Policy/Permissions store. The current Turbine SecurityService seems to be purely user/password orientated. Is Certificate based login being considered for the next framework? Chris -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
