Few month ago I started to think in JSON instead of XML, in Mongo instead of SQL, in javascript instead of PHP…
Now I discovered Meteor and I can only be very satisfied by the very results they offers.
I saw that some efforts are currently made in order to provide a clever solution to the user access rights and data validation.
I do not have the solution but what I could say is that I dug into the JSON Schemas direction.
A
JSON Schema is a bit like an XSD but for the JSON and allows to validate a JSON object (actually any javascript type)
The most interesting part I see in the usage of schema is in user restrictions. As all the orders a client sends to the server are in JSON, is becomes very easy to let both the client and the server filter the request, prior to (client) and after (server) the call. Services can be documented with JSON Schemas, for example we can specify the allowed return types or arguments to pass to a method. In the extreme, the whole framework could be ruled by a JSON Schema defining if such method with some parameters is allowed or not for a client. The most useful usage being in my opinion the data base read / write access for such collection given a client.
The Meteor server - client side approach would also make it possible to have the same schema for both validation (where the client would not send wrong orders and the server can double check that the client is not forging a request). Currently the RFC is still at the draft4 level but the 5th "should be" a release candidate. On the website you will probably reach the 3rd draft, just seek into the git to get the latest one.