what (for example, in the case of an enterprise KM portal) prevents a clever user (let's say, a Python programmer in the company's IT dept) from being able to bypass the client security mechanism and get access to HR or payroll data that he/she is not supposed to see?
This is exactly the problem my ZODB-dev idea seeks to solve...
I guess, if you are just looking for applications that access data and call methods written in Zope, XML-RPC would still be ideal, and have the security features that would be needed.
<snip XML brokering stuff> Woh! That sounded cool but went light years above my head :-S
for an unintelligent application; it just means the application is a little bit more autonomous from Zope (which could either be good or bad)...
Hmmm, thanks, that was a really interesting insight :-) cheers, Chris