OBSOLETE
Can an off-the-shelf content repository (CR) provide the functionality needed for the back end of Synapse?
...
MAYBE (Bruce thought he saw it was, but Dave found a comment to the contrary) - fine grained authorization/security (would need to know how users and groups are represented)
Additional comments from Dave:
The JBOSS DNA project didn't actually implement authorization, just authentication (with JAAS):
http://docs.jboss.org/jbossdna/0.2/manuals/reference/html/environment.html#authorization
Jackrabbit's JCR 2.0 impl ... looks like they DID implement a nice looking Node-level hierarchical authorization scheme. Their wiki discusses the features and pros/cons for the different styles of authZ:
http://wiki.apache.org/jackrabbit/AccessControl?highlight=%28authorization%29
but the API clearly has Resource (Node) based authorization actually implemented in it:
http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.html
Given that and their nice SVN/CVS like versioning, the 2.0 spec impl looks a lot more attractive that the 1.x impl.
YES, by leveraging content nodes to represent this metadata - meta data for users and groups
...
- are the attributes sufficiently flexible?
- what's a "relative path", a "reference", a "PATH" property type?
- what's an "unstructured node"?
- how does JAAS link to Crowd?
- does JCR support user groups?
Notes:
- There is a Spring template for JCR
...