I do not want to start a debate or a huge long discussion about security here. I know there are a lot of issues about how it should be implemented. I have a simple question that has been on my mand recently :) This may be what some people have in mind already, I don't know.
Would it be viable to seperate all the security stuff out of RunData and T3? Here's what I'm thinking. Lets totally seperate out security from T3 so no one is forced to use ANY preset interfaces, classes, etc for security. Then if people want to use the current mechanism they can use the fulcrum service, the corresponding valves, and a new SecureRunData implementation (which would contain the methods getUser(), getACL(), etc.). But, if I don't want to use Fulcrum's service than I can implement my own valves, my own RunData implementation, and my own security classes (User, Group, whatever...) A lot of the hard stuff has been done to totally seperate out security from T3. Kudos to everyone involved in that! Everyone here has different needs. No one is going to agree anytime soon. If we seperated security from T3 then hopefully we can get a bunch of different security implementations and then go from there. Maybe something will come out of it for version 3.1 or 4.0. ~Dan Diephouse -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
