[ZDP] Zope security topic

Rik Hoekstra rik.hoekstra@inghist.nl
Fri, 18 Feb 2000 12:14:48 +0100


kamon.ayeva@bureauveritas.com wrote:
> 
> Hi,
> 

Hi Kamon

> Following the discussions on the ZPTK list, I understand that cookie-based
> authentication is a standard part of Zope security features, but I have not
> discussed it in the current chapters in Zbook.

No. Actually, cookie based authentication is not much different from
basic authentication for users. Perhaps you should generalize the parts
on authentication (you already do this) and make different sub chapters
as to the methods of authentication available (UserDB, ZopeUser, GUF
etc) like the server related (authentication with apache, IIS, whatever)
you already made.

> I will appreciate if someone could point me to a document or how-to about
> it that I could incorporate.
> Also I would like some feedback on the current material at
> http://zdp.zope.org:8080/ZDP/projects/zbook/book/IV/

I think for the most part the chapter is excellent.

Feedback following

You make a distinction between **Authentication** and
**Authorization** or **Access Control**.

For clarity I think you should add a third element (which de facto shows
up in the rest of the story): Permissions. This is the part that is
often missed when people try to grasp Zope security. Yet, it is
important to make this distinction as:

- Authentication is user centered: it makes clear what user is what.
- Permissions are object centered: they determine what actions may be
performed by what roles on a certain object.
- Authorization is roles centered. Users have roles, permissions have
roles. Authorization is therefore a relation and not a property.

In addition to the piece about local roles, I think you should add a
part about proxy roles. It would have to go somewhere along the
following lines:

Sometimes you have objects (say folders), that in general are only
mutable to users with special privileges/roles. For clarity, take an
example of a folder with news messages. The folder should not be
accessible for normal users. The reasons for this could be many, for
instance because it would imply giving them access to other objects you
do not want to be visible to them, or because it would greatly
complicate the management of roles and permissions. However, all users
should be able to add news messages. 

You can make them do so by giving special privileges, not to the users
themselves but to a generally accessible dtml method (say addNews) that
does so for them. The addNews method gets the role by proxy to the user.
Therefore they are called **proxy roles** in Zope. With proxy roles you
may enable any user to do (almost) anything (almost) anywhere, as long
as they use the method that has an appropriate proxy role assigned.

Rik
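
An added illustration, not part of the original message and not Zope's own code: a small Python model of the three-way distinction and of the addNews proxy-role case described above. The classes, the role names, the "View" and "Add Documents" permission names, plainAdd, and the rule that proxy roles stand in for the caller's roles while the method body runs are all assumptions of this model.

```python
# Toy model of the concepts in this message; not Zope's API. All names are constructed.
class Unauthorized(Exception):
    pass

class User:
    def __init__(self, name, roles):
        self.name, self.roles = name, frozenset(roles)

class Folder:
    def __init__(self, name, permission_roles):
        self.name = name
        # Permissions are object centered: permission name -> roles granted it here.
        self.permission_roles = permission_roles
        self.items = []

def authorized(roles, obj, permission):
    # Authorization is a relation: the acting roles must overlap the roles
    # that this object grants the permission to.
    return bool(frozenset(roles) & frozenset(obj.permission_roles.get(permission, ())))

def add_item(acting_roles, folder, item):
    if not authorized(acting_roles, folder, "Add Documents"):
        raise Unauthorized(f"Add Documents denied on {folder.name}")
    folder.items.append(item)

class Method:
    def __init__(self, name, body, view_roles, proxy_roles=()):
        self.name, self.body = name, body
        self.permission_roles = {"View": view_roles}
        self.proxy_roles = frozenset(proxy_roles)

    def __call__(self, user, *args):
        # The caller still needs permission to reach the method itself.
        if not authorized(user.roles, self, "View"):
            raise Unauthorized(f"View denied on {self.name}")
        # Assumption of this model: while the body runs, proxy roles (if any)
        # are used in place of the caller's own roles.
        return self.body(self.proxy_roles or user.roles, *args)

def try_call(fn, *args):
    try:
        fn(*args)
        return "ok"
    except Unauthorized:
        return "denied"

news = Folder("news", {"Add Documents": {"Manager"}})   # constructed sample data
visitor = User("visitor", {"Anonymous"})
addNews = Method("addNews", lambda roles, text: add_item(roles, news, text),
                 view_roles={"Anonymous", "Manager"}, proxy_roles={"Manager"})
plainAdd = Method("plainAdd", lambda roles, text: add_item(roles, news, text),
                  view_roles={"Anonymous", "Manager"})
```

In this model the proxy role widens what the method body may do, so the body should accept only the narrow operation it was written for; here that is appending one item to the news folder.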