Finished the document on bibliographical markup, made a couple of changes to the implementation document, and then made a start on the detailed timeline. In the process, Greg and I discussed and researched several issues:

Secure logon: this can only be handled by turning on SSL in Tomcat; this enables any page to be accessed through https. If the user does this, we can give them an option to make use of it in the application, whereby sensitive documents would only be rendered if their access URL was using https. The default install will have this turned off, because we can't control or detect the user's Tomcat setup.

Building a WAR file package: Greg has now mastered building Cocoon with eXist as a block, so we can go this route. We can turn on all the blocks we want and exclude all the flaky ones. The only remaining issue is how to inject our website materials into Cocoon, along with the sample database, after building. Perhaps we can just edit the contents of the WAR file (which is just a zip).