I am working on the integration of the ACL (instance-based authorization) project with the AS. For that I need to offer users a way to specify the ACL provider as part of an application-policy, which requires changes to the security-config_5_0.xsd. This schema is currently located in the metadata project.
Given that the classes responsible for parsing the static xml files that contain application policies are in the JBoss SX project, is there any strong reason for the schema to be in the metadata project and not in JBoss SX? I am thinking about the flexibility to update the schema when needed without requiring a release of metadata.
The only schemas that should be in the metadata project are those that are inherent to the metadata model. This security authorization metadata is not part of that, so it should be in jboss sx.