Hi, First of all apologies for cross-posting to -dev and -user. I couldn't see how to separate the issues in this email as they were raised in recent postings on both groups.
Jim (in -dev) is absolutely right in asking the question "how COULD Xindice be used" and therefore how to improve the acceptance in a wider community. I believe that Xindice is a fantastic, future-oriented DB product and agree with Jim that one of the most important features for its usage in any more or less "open" environment is the security aspect. We looked into the usability of Xindice 1.0 for engineering software applications to store (loads! of) XML files in an environment where concurrent access from differing applications or services as well as a range of users and machines can occur. We are very happy with the current functionality, however, one of the most concerning issues to us and probably any community of users is indeed the security in form of access control, authentication and authorization. The problem with the current version (1.0) is that basically anyone can add/update/remove collections and documents randomly. There are pre-defined collections in /db/system which come installed with Xindice - called SysAccess, SysGroups, SysObjects, SysConfig, SysUsers and SysSymbols - and I wonder if I have just overlooked the documentation on these or if there isn't any. -> Are these (empty) collections used for anything? Can we actually define the system configuration / users / access rules in these or are they simply sample folders (which thus could be removed)? Will they provide any functionality in Xindice 1.1 or for later releases? -> Has anyone experience with defining user/machine level access for Xindice (maybe in relation to the Apache XML Security project) and would be able to share this with the xindice community? -> Are there any plans for security features on the roadmap for future versions? -> Can I help? Many thanks for your time & information. Regards, Marc ------------------------------------------ Marc Molinari e-Science Centre Southampton Computational Engineering & Design Group School of Engineering Sciences University of Southampton, SO17 1BJ, UK ------------------------------------------
