[Zope3-dev] Certification: Supporting "Residual Information Protection" in Zope 3

Christian Theune ct at gocept.com
Fri Dec 16 07:52:46 EST 2005


Hi,

On Friday, 16.12.2005, at 07:49 -0500, Jim Fulton wrote:
> Christian Theune wrote:
> > I think if we can guarantee never to reuse a user id, provide a tool for
> > doing RIP and we do not provide undo we are fine.
> 
> Only if we manage the user ids.  We often get principal ids from outside
> sources.  In fact, we usually do this in production.  In the case when
> we're using an external principal source, we also don't automatically
> know when the principal is removed.
> 
> Also, current principal-management facilities in Zope 3 allow managers to
> pick ids.  We probably would need to curtail this or at least prevent
> reuse.
> 
> It's probably not wise to rely on this.

That sounds like for a usable certified system RIP might be out of
scope? Hmm. Hope not.

> Right. The security policy is part of the authorization system.
> The authorization system, or at least a CC-compliant authorization
> system should probably grow a principal-removal API.

Well. If that would be an authorization system that would not be helpful
in everyday business, then growing one only for CC would be beside the
point of the certification to assure people that the system they use on
a daily basis matches their security expectations.

Christian

-- 
gocept gmbh & co. kg - schalaunische str. 6 - 06366 koethen - germany
www.gocept.com - ct at gocept.com - phone +49 3496 30 99 112 -
fax +49 3496 30 99 118 - zope and plone consulting and development