<br><br><div class="gmail_quote">On Wed, Jul 28, 2010 at 11:50 AM, Justin Ryan wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I've spent a lot of energy in this space recently, trying to combine wisdom from Philipp and Stephan's books, Grok docs, etc..<div>
<br></div><div>There definitely seems to be conventional wisdom not well expressed, and I'd like to change that.</div>
<div><br></div><div>I'm working on a simple addon which, when included properly into a default BlueBream paster template, sets up pau and complements the default security policy well, but I'd also like to contribute some documentation helping to centralize the tomes of info i picked through to do what is really very simple.</div>
<div><br></div><div>And I have a rich understanding of principals, roles, permissions..<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Wed, Jul 28, 2010 at 12:59 AM, Baiju M <span dir="ltr"><<a href="mailto:baiju.m.mail@gmail.com" target="_blank">baiju.m.mail@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All,<br>
I think one of the important missing document is<br>
about the default security policy in BB.<br>
<br>
We are defining security policy in the "securitypolicy.zcml" file.<br>
By default this file resides inside the project source<br>
directory. For example, if the project name is "tc.main",<br>
the security configuration file will be in this path:<br>
"src/tc/main/securitypolicy.zcml"<br>
The security policy configuration file is included from<br>
the main "configure.zcml" which is residing in the<br>
same directory.<br>
<br>
We need to explain:-<br>
<br>
- What is security policy ?<br>
- A brief overview of Principal/Role/Permission concepts<br>
used in the default security policy.<br>
- A brief overview of the default security policy and its intent.<br>
We should mention that what is given there in "securitypolicy.zcml"<br>
is a sample file, which is recommended to change.<br>
In fact we have already have comment like this at the<br>
beginning of that file:<br>
<!-- This file contains sample security policy definition --><br>
- Explain each ZCML directives related to security policy<br>
(securityPolicy, unauthenticatedPrincipal, unauthenticatedGroup<br>
authenticatedGroup, everybodyGroup, role, grant, principal)<br>
- Brief overview of each definition in the file (securitypolicy.zcml)<br>
May be this can be combined with the previous part.<br>
- Explain how to add new permissions, roles<br>
Reccomentation for naming ID -- there should be "." character<br>
in the ID -- URL can be used as ID but not commonly used.<br>
- Mention that HTTP basic authentication will be used by<br>
default (how it is coming ?) -- mention the other chapted<br>
about PAU (which is yet to be created)<br>
<br>
Now I think, this chapter can be named as "Basic Security"<br>
and incorporate content from here:<br>
<a href="http://wiki.zope.org/bluebream/BasicSecurity" target="_blank">http://wiki.zope.org/bluebream/BasicSecurity</a><br>
(Based on Stephan Richter's book)<br>
Or we can have a chapter on BasicSecurity and<br>
documentation about default security policy<br>
could be another chapter.<br>
<br>
May be we can include a *sidebar* about security framework<br>
used to build the BB security - Checkers, Proxies etc.<br>
(<a href="http://pypi.python.org/pypi/zope.security" target="_blank">http://pypi.python.org/pypi/zope.security</a>)<br>
<br>
We should have a separate chapter on PAU.<br>
And it should be mentioned from here as the<br>
next step. We need think more about<br>
this chapter :)<br>
<br>
If anyone want to work on this introductory chapter on<br>
BB security, please let me know.<br>
<br>
Please suggest if any other topic need to be covered.<br>
<br>
BTW, I have added a ticket for this:<br>
<a href="http://wiki.zope.org/bluebream/14DefaultSecurityPolicy" target="_blank">http://wiki.zope.org/bluebream/14DefaultSecurityPolicy</a><br>
<br>
Regards,<br>
<font color="#888888">Baiju M<br>
_______________________________________________<br>
bluebream mailing list<br>
<a href="mailto:bluebream@zope.org" target="_blank">bluebream@zope.org</a><br>
<a href="https://mail.zope.org/mailman/listinfo/bluebream" target="_blank">https://mail.zope.org/mailman/listinfo/bluebream</a><br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br>