=== Open Issues ===
How do ORBIT objects retain user, group and project ownership?

What role is allowed to cleanup (delete) project files in the db?

How is access controlled for each ORBIT object?

Use a user-pull architecture where the user pulls his or her roles from a role server and presents them to web servers or use a server-pull architecture where each web server pulls user's roles and uses them for RBAC?  See Figures 2 and 3 in  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]].   LDAP can be used with either architecture, see  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] for its use in user-pull and [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]] for its use with SSL between 

How best to print text on mogwai without characters being chopped off by duplex printer?