Integrate the security policy into resource management
Resources are basically objects that can be secured by model security (see #6604). We'll have to find a solution how secured files have to be handled by the resource manager.
One possiblity would be:
We have a special virtual folder named after the secure session key that holds symlinks to all resources the current user is allowed to access. We could also add a dynamic rewrite rule that restricts access to this folder to the IP of this user. The folder would have to "expire" with the user session.