a number of our EAP
customers have requested that we add Role/Resource Based Access Control into
a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)