Hi, There is now a changelog in the Jackrabbit wiki:
http://wiki.apache.org/jackrabbit/Proposed_JCR_2%2e0_API_Changes Thomas On 7/16/07, Torgeir Veimo <[EMAIL PROTECTED]> wrote:
On 16 Jul 2007, at 15:43, David Nuescheler wrote: > (2) Access Control Management to go beyond the introspection that is > already specified > in JCR v1.0 It seems that access control in JCR 2.0 is limited to declarative security? I think this is a very bad restriction. Declarative security was never sufficient enough for EJBs, and is surely not sufficient for all types of applications which might be built on top of a JCR repository, and is very often much more verbatim than implied or programmatic security. What I'd like to see would be some means of getting access to Nodes in a read-only "before" session and an "after" session in a security manager. This would allow implementing a wide range of different security managers depending on the application at hand. I guess there are technical challenges with implementing such session access, but it could be an optional feature, and the suggested next generation persistence architecture would probably easily support it. -- Torgeir Veimo [EMAIL PROTECTED]
