Use Cases: Personal Ads Site: In the US online dating has become one of the big online industries. A webservice called Nerve Personals feeds information to a wide variety of different websites. TheOnion.com, Boston.com, and RottenTomatoes.com are all examples of websites which use Nerve's services. Although Nerve isn't built on OpenACS what could OpenACS bring to this problem? Amazon.com: Yahoo! is one of the world's biggest online community sites. It has many different functions all of which are tied together through one unified user database. Two of it's functions, Yahoo! Groups and Yahoo! Store allow individuals to set up highly personalized websites for their individual organizations. As a partial ecommerce site Yahoo! has lots of very sensitive data which must be protected .. and they need a serious security policy. Architecture: Persons, Parties, Users: * Persons: people who are mentioned but aren't users * Users: People who have full access accounts * Parties: Principle unifying groups and users making users a degenerate cases of a group Permissioning: * Objects, permission, party map * Security Context? Inherited Security * Anecdotes about how stupid real security is * Failure of Security model? Security/Authentication: * User authorization and authentication * Dangers of Clear Text passwords * database security (protect users from hackers and DBA's) * credit cards * the importance of one way hashes * when to use HTTPS * user identity hijacking .. howto * cookies vs. url identification Request Handling: * AOLServer native filters * The request processor * Combination w/ the Site Map * Package Handling Package System: * Anatomy of a package * .info files * installation process * package instances versus packages Site Map: * nodes * mounting of package instances Templating System: * separation of code and formatting * ad_page_contract Additional Features: Robot Protection