Yes. Stepping back a few weeks, when Jeff and I started talking about
identity, I said that i was keen to have something that didn't require
sessions. The reason I said this is that I believe it to be possible
to create an authentication/authorization system that handles a great
many needs and does not require sessions *or* database access on a
per-request basis. The advantage to this is that an application that
has no server-side state is very easy to scale. This won't handle
*all* requirements, to be sure, but that's why the system is and needs
to be pluggable.
This was one of my original complaints about the identity framework. It won't scale very well beyond a hand full of boxes and a moderately sized database. What about those guys with hundreds of boxes?
Hopefully I can get some time to check out all the cool stuff Jeff has been doing. That way I can be more helpful.
-- David
