Ok, I like this ending "some actions" as much as I would like eating fugu in a Japanese restaurant. You know, afraid at first, relieved at last. Mainly because I ignore which actions will be implemented, only that new users may perform some.

XMLPortal actions are based on roles. That is, each user has one or more roles assigned. Roles are a group of actions. The solution seems easy to integrate. Create a new role called NewUser and assign some actions to it. The workflow would be:

1. A visitor registers.

1. An email is sent to his mailbox with a confirmation message. We make it clear the email address exists.

1. When confirmation is received, the role NewUser is assigned to this user.

Actions for new users are now controlled by NewUser role. We can give as much, or as few, power to the newcomer. In late stages, when user has already proved to be reliable, we could assign him more roles.