I'm a newcomer to Zope, coming into the middle of a project using Zope. We've been looking at security requirements for a commercial Extranet. It appears Zope meets all of the requirements except for two: 1. Role Inheritance: Currently, the permissions associated with "Role A" and "Role B" can be assigned to a single user. However, they can't be assigned to "Role C" (ideally along with additional permissions). 2. Timeout: If I walk away from my computer while using Zope, and return an hour later, someone could use Zope without my permission. With a timeout, I could say "log me off if you haven't heard from me in (specified number of) minutes. Please let me know if these features actually do exist, or if there is a way to create them. (I realize I can also submit these as feature requests to Zope.org). Thanks for any feedback, John