Consider Security Model

[afscrome]

Consider the security model for what permissions etc. are required to read & modify metadata for cotnent.

Not quite so important for the in-process & velocity models, but very important for the REST Api.

[RichMercer]

We should probably link the ability to edit metadata to the permission required to edit the IContent. Seems obvious for entities such as blog posts, groups etc. but I'm not sure how that might relate to comments etc.

[RichMercer]

Given the obvious complexities of tightly linking metadata permissions to content permissions, I think for now I am going to secure updating of data via the REST API to users in the administrator role.