
cmis-comment message



Subject: Re: [cmis-comment] Security and authentication issues


Fernando,

Thank you for taking the time to investigate the current specification. I'd like to address your points:

1. Authentication is covered by the bindings themselves and we did not feel a need to reinvent the wheel there. For the ReSTful AtomPub binding, which is based on HTTP, HTTP Basic, Digest, NTLM, or some other mechanism can be implemented. For the WS binding, WS-Security or HTTP authentication is also valid. For both of these bindings, many tools are available to send and receive credentials. If this is not sufficient, could you explain your use case?

2. Security - We currently expose the ability to see what actions the current user can perform. We also expose an abstract policy-based mechanism that can affect the security policies in the repository. We are also working on a simple form of ACL as well.

Does the above address your concerns? If not, I'd like to continue the discussion on what use cases you are trying to solve and how CMIS can be used for them.

Thanks,
-Al

Al Brown
Emerging Standards and Industry Frameworks
CMIS: https://w3.tap.ibm.com/w3ki07/display/ECMCMIS/Home
Industry Frameworks: https://w3.tap.ibm.com/w3ki07/display/ECMIF/Home

Office 714 327 3453
Mobile 714 263 6441
Email albertcbrown@us.ibm.com
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation.



From: Fernando Díaz Gestal <fernando.diaz@mykubbe.com>
To: cmis-comment <cmis-comment@lists.oasis-open.org>
Date: 03/04/2009 04:49 AM
Subject: [cmis-comment] Security and authentication issues





Hello guys,

First of all, I have to say that CMIS is a very good starting point for the standardization of CMS-based applications.

But in my opinion there are two important points that CMIS doesn't cover:
* Authentication: There aren't any primitives in order to accomplish the user authentication against the repository.
* Security: There aren't any primitives to manage the security and the permissions of the different parts of the repository.

For these reasons it is not possible to create a CMS-based application which can use whatever CMS through CMIS. We need to develop authentication and security business cases for each CMS that we want to be compatible.

It's a pity that the standard doesn't cover these points.

What do you think?

Regards

Fernando Díaz Gestal
Kubbe Solutions
NETEX KNOWLEDGE FACTORY
fernando.diaz@mykubbe.com

http://www.mykubbe.com
http://www.netex.es


