> > Um, I couldn't disagree more. The current Turbine security model is > > limited in many aspects. > > I didn't say it wasn't limited. I said that it is a pretty > functional system > for webapps. Scarab (a very very complex webapp) uses it and it is fine.
What I personally don't like about the current model is: * It is specifically tailored to Internet webapps. * It is hard to adapt to different "back-end" security systems (NT, LDAP, whatever). * It provides ONE way of creating relationships between users and permissions, through roles and groups; what if I want to use a different set of relationships? I think we need a pluggable (or "skinabble", to be in fashion) system that allows to use Turbine's current model, but that it also makes it easy for developers to switch to a totally different model. And, if possible, with a default implementation that doesn't require a DB. > -jon -- Gonzalo A. Diethelm [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
