It is amazing how really smart people always use the easiest practical matter to explain complex theories and then when a complex matter comes along - everyone gets dumb founded. I am amazed at how many “Hello World” programs are out there and just simply confused that these are channeled to people are who are really good at programming. I understand that if these existed in “Programming for Dummies” but explaining node structures, data vs structure or even the credit crisis - so simply - well no wonder everyone wants to get involved and bring the “market” down.

So according to David’s Model, it is very important to analyze the question or debate of “data vs structure”. Now I completely agree with this but what I do not agree with is the practicality involved in these examples. A Blogging module is probably the easiest implementation using a Java Content Repository compliant application - you have a blog, some posts and comments. Great figure out the structure you want or data if that makes you sleep at night and then just build the damn thing! The thing that made me wonder is when David goes on to explain “Using the above content model I can easily allow the “anonymous” user to “create” comments, but keep the anonymous user on a read-only basis for the rest of the workspace”.  OK first off, I think this is part of the JCR 2.0 specs of moving authorization/authentication to the content repository level - but even in such a scenario by applying this theory there seems to be the removal of a security layer on top of the JCR repository. I am not sure whether this is the route to go - why would I allow my content repository to manage my security module? Suppose I am bargaining for more than one workspace - would that mean that I would have to enforce my security restrictions on each and every one? I am excited about seeing how this was adopted in Day Communique’s Social Collobaration module that is about to be released and how it will fit in with the Day Communique CQ 5 WCM application.

The second reasoning where I respectfully disagree with this approach is that I am wondering the performance impact on such a “structure”. Lets take David’s own creation of CQ 5 - now I am guessing there would be a listener in there waiting to see for a comment to be made - it would kick in and than create a new node page? Play this into the hands of a site like blogger.com or huffingtonpost.com and you could see some serious implications as far as performance is concerned if not done right! I like the one on one transaction of information of a particular “page” {concept I love about CQ 4.2.1 - not very well versed in CQ 5.1 just yet - though I am loving Sling without its Security/POST Servlet/ and other bottlenecks} - having its own properties and leveraging a security layer on top to handle such transactions. This would play really well with the whole CEVA approach taken by The marketing team of Day Software AG.

I have much admiration for David and his great contributions to the Apache World/Sling and JCR, but it would be interesting to hear some feedback negating his or my theory.

Tags: authentication, authorization, data, Data vs Structure, David Nuscheler, day communique, JCR, JCR 2.0, security, structure

This entry was posted on Thursday, March 26th, 2009 at 10:55 pm and is filed under CQ 4.2, CQ 5.1, Data vs Structure. You can follow any responses to this entry through the RSS 2.0 feed.