I do not want to start a debate or a huge long discussion about security 
here.  I know there are a lot of issues about how it should be 
implemented.  I have a simple question that has been on my mand recently 
:)  This may be what some people have in mind already, I don't know.

Would it be viable to seperate all the security stuff out of RunData and 
T3?  Here's what I'm thinking.  Lets totally seperate out security from 
T3 so no one is forced to use ANY preset interfaces, classes, etc for 
security.  Then if people want to use the current mechanism they can use 
the fulcrum service, the corresponding valves, and a new SecureRunData 
implementation (which would contain the methods getUser(), getACL(), 
etc.).  But, if I don't want to use Fulcrum's service than I can 
implement my own valves, my own RunData implementation, and my own 
security classes (User, Group, whatever...)  A lot of the hard stuff has 
been done to totally seperate out security from T3.  Kudos to everyone 
involved in that!  

Everyone here has different needs.  No one is going to agree anytime 
soon.  If we seperated security from T3 then hopefully we can get a 
bunch of different security implementations and then go from there. 
 Maybe something will come out of it for version 3.1 or 4.0.

~Dan Diephouse


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to