>> But exceptions shouldn't be used for flow control, so I would add:
>> boolean Session.isPermissable(..) or
>> boolean Session.hasAccess(..) or
>> boolean Session.getPermission(..)

> or
> boolean Session.isGranted(..)

As far as i know the latest version includes an new (optional)
access-control-discovery feature, which also defines
privilege discovery through the AccessControlManager interface (see 
section 6.11.1).
notably:

boolean
AccessControlManager.hasPrivilege(String absPath, String[] privileges)

Privilege[]
AccessControlManager.getPrivileges(String absPath)

Privilege[]
AccessControlManager.getSupportedPrivileges(String absPath)

It would look a bit strange to me extending the set of
methods on the Session interface (Session.checkPermission is
part of Level 1 compliance set), if at the same time an new,
optional feature gets added to spec with the same goal.

angela