What made the the search in the HP printer division
intranet so complex?
The quick answer: The fact that permissions were inherited from super-folders, so that you'd need a hierarchical query in Oracle.
Hierarchical queries are basicly executed iteratively one-by-one, even if they look like normal SQL queries.
Even for a production .LRN site I cannot say that yet.
Even the different .LRN sites may want to use different security policies. Is the course documentation going to be publicly searchable? And: There may be more then a black & white distinction between public and private. What about "inscribed alumni" against "registered users"? Or teachers? Or Directors/Managers?
The case with Project/Open is so complex that we will need to check the permission of each element using the standard TCL security checks at the end (the final results screen) to ensure watertight permissions. Its a software consistency issue.
And we can do this, if we are only showing 10 or 20 results for each screen, if the "list of candidates" (the results where the user has access to the container objects) is reasonalbly and if these results are reasonably ranked. So that is what we're going for.
However, I repeat again, you won't be able to do all of this via a service contract architecture. The final security check on the result screen needs to be application or even implementation dependent.
Bests,
Frank
