ESAPI Specification

= Migration Strategy =
 * ESAPI 2.1
 * Create new package org.owasp.esapi.core
 * Create new set of Interfaces in new package with each extending it's org.owasp.esapi counterpart
 * Deprecate methods in org.owasp.esapi Interfaces
 * ESAPI 2.5
 * Remove deprecated methods that were deprecated at or before ESAPI 2.0
 * Introduce new ServiceLocator API
 * ESAPI 3.0
 * Seperate Core API into it's own artifact/project called ESAPI-Core
 * Create new set of artifacts as outlined in ESAPI_Project_Structure
 * Introduce Core API Testing Suite
 * Introduce Core API Testing Suite

= Core API =

AccessController
The AccessController is responsible for determining if the currently logged in user has access to a given resource. The resource can be anything that implements the Resource Interface.

Changes from ESAPI 2.0

 * Removed deprecated methods
 * Added Generic Stereotypes to the Key and Context parameters)

 void assertAuthorized(Resource resource, Context context) throws AccessDeniedException
Assert that the currently logged in user can access the given Resource with the given Context parameters

 boolean isAuthorized(Resource resource, Context context)
Determine if the given resource is accessible by the currently logged in User

Return
Returns true if the resource is accessible to the currently logged in user and false if it is not.

LogFactory
Still thinking this one through

Logger
Still thinking this one through

Resource
Marker Interface for Resources that a user can request access to.