Michael R. Bernstein wrote:
On 04 Aug 2001 11:48:49 -0700, Michel Pelletier wrote:
Tim McLaughlin wrote:
2. Simplify the security model more, if possible :) I know, it's been done, but it's still not easy.
On the side, keep in mind that the component model will simplify security for the developer quite a bit. By cleanly separating presentation from application from content, you can assess the security needs for each layer independently. Right now, different methods that you want to protect under different policies are all mushed into one class, which is why you *need* to be very verbose with security now. Decomposing that will let you secure your components in bite sized chunks.
Michel,
Do you (or Jim) see this aspect of the component architecture solving the issues that I'm trying to deal with in my SecurityJihad proposal?
Your proposal is good but independent of the component architecture IMHO. Shane