Bill Bosacker

This is just my normal user blog for things that don't fit in the other blogs, but are tailored for the open source C/C++/C# and .NET communities.

October 2007 - Posts

Security: FUN FUN FUN!

Hey All,

I thought that I should probably let everyone know that I'm still around, just extremely busy.  As some of you know, I've been working on a credit reporting web site, in particular, the security system.  I started with the sample .NET Membership Provider files and have completely reworked them to be fully 3-tier functional and work with the Oracle database that we are using.  The site is also using RSA's challenge system (that's the system that Bank of America and others use) to increase security.  I will be implementing many parts of the security system into the CMS.NET project, including the session context system that is somewhat similar to what is in Community Server, but also goes way beyond.

I've added some major features to the whole provider system that change it from a User / Role based system to a User / Role / Privilege based system, where Roles are used for nothing more than to contain multiple Privileges.  What does this mean?  Well, it means that you can still use roles within your web.config files to control access, but other than that you shouldn't be using roles to control access to anything.  Instead, you check to see if the user has a specific privilege to allow access.  I'm working on a Privilege provider too, so we'll see how that goes.  If it works the way that I plan, then Roles should not be used for anything other than a container and you will be able to use Privileges in web.config.
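An added example, not code from this post or from the CMS.NET project, sketching the User / Role / Privilege model described above in C#: roles only group privileges, and every access check asks for a privilege. The `PrivilegeStore` class, its methods, and the user, role and privilege names are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical sketch: class, method, role and privilege names are assumptions.
public sealed class PrivilegeStore
{
    // Role -> privileges it contains. A role has no meaning beyond this set.
    private readonly Dictionary<string, HashSet<string>> _rolePrivileges =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<string, HashSet<string>> _userRoles =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public void DefineRole(string role, params string[] privileges)
    {
        _rolePrivileges[role] = new HashSet<string>(privileges, StringComparer.OrdinalIgnoreCase);
    }

    public void AssignRole(string user, string role)
    {
        if (!_userRoles.TryGetValue(user, out var roles))
            _userRoles[user] = roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        roles.Add(role);
    }

    // Deny by default: an unknown user, an undefined role, or a missing
    // privilege all result in false.
    public bool HasPrivilege(string user, string privilege)
    {
        return _userRoles.TryGetValue(user, out var roles)
            && roles.Any(r => _rolePrivileges.TryGetValue(r, out var privs) && privs.Contains(privilege));
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new PrivilegeStore();
        store.DefineRole("Analyst", "Report.View");
        store.DefineRole("Manager", "Report.View", "Report.Delete");
        store.AssignRole("alice", "Analyst");
        store.AssignRole("bob", "Manager");
        store.AssignRole("carol", "Retired"); // assigned a role that was never defined
        foreach (var user in new[] { "alice", "bob", "carol", "mallory" })
            Console.WriteLine("{0}: view={1} delete={2}", user,
                store.HasPrivilege(user, "Report.View"), store.HasPrivilege(user, "Report.Delete"));
        // Widening a role is a data change; the HasPrivilege call sites stay untouched.
        store.DefineRole("Analyst", "Report.View", "Report.Delete");
        Console.WriteLine("alice after role change: delete={0}", store.HasPrivilege("alice", "Report.Delete"));
    }
}
```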

I should have something by the end of this year that I'll be able to make available to everyone, but I wanted to let everyone know that I'm still around.  I've been so busy that I haven't even been able to keep up on all the blogs I subscribe to.  I need to see what Dave Burke is up to, just to keep him on his toes.  In the limited down time that I do have, I've been playing with my new PS3 that I had to get when I bought my new HD-LCDTV.  The PS2 just doesn't cut it on a 46" wide screen.  BTW, I LUV Ghost Recon and MotorStorm.  ;)

Take it easy,
Bill