That means that you have the define the permissions for each node - right ? I'm not sure this what he is looking for. I'm also interested by another solution. In my case, I have to define a security model with the notion of users, groups and role. One user can be member of different groups within different roles.
In term of permissions, I'm very interested to have a solution based on JAAS with something like the FilePermission ( http://java.sun.com/j2se/1.4.2/docs/api/java/io/FilePermission.html). Is it make sense for some of you ? I did that in the past for Graffito with the Jetspeed security services. br, Christophe
