...

  • How does Kerberos handle groups?
  • KW thinks that the ACL parser won't currently like realm-qualified names.

Other issues

Currently the model is completely statically defined. A type (category instance) cannot have a private hierarchy of its own managed objects. This is pertinent to the Identity discussion because group providers currently have child and grandchild categories of Group and GroupMember, but these only make sense for group provider implementations that have total knowledge of all the members of a group, as a FileGroupProvider does. This is not normally the case. A GroupProvider's primary role is to provide additional identities of the user. Most GroupProviders won't have the ability to manage the whole group. We talked about changing the REST API URL to be fully hierarchical so that private categories could be accommodated.

...