On 12/5/06, Randy Letness <randy at osafoundation.org> wrote: > Can't the ticket processing junk just verify that the ticket is valid > and stick it in the security context? Then the rpcservice does the > authorization based on the method called? no - it needs both the resource path or uid and the ticket key to authenticate.