Your last point was exactly what I was looking for.  I am thinking about
using attributes along with coprocessors to impose some application-level
authorization constraints.  For example, in a get, I can pass username and
credential attributes and have the coprocessor filter results based on some
rules or group membership.  Of course, I'll need to make sure that that
step doesn't violate regular good practices for coprocessors.  If anyone
has used attributes for any similar purpose, I'd be interested in hearing
about those experiences.



On Fri, Feb 22, 2013 at 4:24 PM, Harsh J <[EMAIL PROTECTED]> wrote: