An accreditable manager should be available which stores the data not in plain files but using the Lenya repository layer (at the moment that would be repository sources, i.e. the lenya:// protocol). Actually, the storage should be entirely separated from the access control for SoC reasons.