geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dain Sundstrom <dsundst...@gluecode.com>
Subject Re: [jira] Commented: (GERONIMO-454) Support Group Name = Role Name Role Mapping
Date Thu, 06 Jan 2005 01:04:53 GMT
On Jan 5, 2005, at 4:12 PM, Alan D. Cabrera wrote:

> I am not arguing against automapping, I am arguing against automapping
> taking place at after the delivery of the DDs.  I am also not arguing
> for users writing our DDs directly.
>
> Your analogy to CMP mapping is not quite the same as automapping of
> roles for a number of reasons.  DB schema is not as likely to change 
> and
> when it does, the results are immediately known; role automapping can
> have unwanted results that may not be discovered for a long time, if
> ever.  The CMP automapping always results in the exact same mapping, 
> the
> role automapping does not.

The last thing we want is for security to be difficult to use.  If it 
is, then no one will use it and we are worse off.  Is there some 
solution you are thinking of that is easy or automatic?  I'm not 
talking about complex security setups, but the simple ones.  The simple 
stuff should be simple and the complex stuff possible.

-dain


Mime
View raw message