> > I think we need Scope where JAAS would have CodeSource. > > It's not enough to ask "does the Subject have Permission?" > > We need to be asking "does the Subject have Permission in this > > Scope?"
Or Does the subject have a capability to do X on a resource with permission X ? Sounds an awful lot like you are checking the "capability" http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=capability An operating system security or access control model where specific types of access to a specific object are granted by giving a process this data structure or token. "capability" = specific object + permission or "types of access" == permission "specific object" == resource "giving a process this data structure" == Capability capability = new Capability(resource, permission ); checkPermission(subject, capability); ...but I guess the naming issue is at rest for now :-} -Peter -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
