I've been thinking about combining Identity + peak.security (or, more specifically, RuleDispatch) for the past couple of weeks. (Not constantly, mind you... just when I've had the chance.) Computer science is all about tradeoffs. Occasionally, you'll have something that is distinctly a win with no drawbacks. More often than not, though, you need to balance things out between flexibility, complexity and performance. But you knew that, already.
In this particular case, I think that the Identity user API is really easy to use and will meet a good variety of needs (but certainly not all). peak.security is the kind of thing that can meet everyone's needs, but wouldn't be as easy for some of the common cases that Identity is good at. Here's my thinking: 1) Leave the Identity user API as is for 0.9.0 2) Don't try to work the notion of a "subject" into the existing API. The idea with a "subject" is: does this user have "edit" permission *for this item*. It's very app specific, and RuleDispatch would be a big win here. 3) Integrate peak.security/RuleDispatch into some later release 4) Ensure that there are enough plugpoints that people can take advantage of as much Identity code as possible. Other people here have used Identity far more than I have. How has it been as far as the API for you? (Particularly since Jeff created his predicate system.) Kevin -- Kevin Dangoor Author of the Zesty News RSS newsreader email: [EMAIL PROTECTED] company: http://www.BlazingThings.com blog: http://www.BlueSkyOnMars.com
