The edge code has just been updated to use the new Devise gem for authentication, replacing the previous solution of Authlogic. People who have been following the source code closely will recall that we attempted this switch earlier but backed away from it once we encountered various difficulties. So what made us decide to try again?
The first reason is that we were given assurances from Devise author, Jose Valim, that it would be possible to provide all of the customization options that we would require. The second reason is that we came to realize that the migration to Devise would make it easier to allow authentication via social networking services. Such work is already underway in the new spree_social gem.
We have updated the security guide in the edge documentation to reflect these recent changes as well as some new documentation on the Cancan permissions system that we introduced in the Spree 0.30.x release. Special thanks to John Brien, (Rails Dog’s newest hire), who has been working tirelessly on this effort.