[Zope3-dev] Initial thoughts on the Zope3 security framework
Martijn Faassen
faassen@vet.uu.nl
Sun, 9 Dec 2001 13:26:00 +0100

Guido van Rossum wrote:
> > http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/SecurityFramework
>
> Please change "principle" into "principal" before this misspelling
> propagates into real code. ;-)

Ah, perhaps this is a more common word in security lingo, though still
new to me. :)

> I wish I understood the Zope2 security model better; whenever you
> explain something by how it differs from Zope2, I'm lost. Also, I'm
> not sure I understand the notions "context", "client" and "local role"
> well enough to understand everything.

Hm, at least I know 'local role'. A local role is a role a user receives
dependent on what object he tries to access. I.e. I may have role 'manager'
in one place while only role 'anonymous' in another. Local role permissions
are acquired by subobjects. Currently local roles are settable in a
non-scalable sad stepchild screen in the ZMI hanging off the
security tab. They're pretty common in the types of sites I design,
so I'm glad to see they're gaining a more central place; non-local roles
are only a specialization of local roles, as they should be.

Hope that helps,
Martijn
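
The local-role behaviour described in the message above, as an added example that is not part of the original post and is not Zope's own code: a minimal model in which roles granted on a container are acquired by its subobjects, and a site-wide role is just a local role granted on the root. The names `Node`, `roles_for`, `build_sample_site` and the principals `alice` and `admin` are hypothetical; taking the union of roles along the containment path is an assumption.

```python
class Node:
    """An object in a containment tree (hypothetical model, not Zope's API)."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local_roles = {}  # principal id -> set of role names

    def grant_local_role(self, principal, role):
        """Grant `role` to `principal` at this object and everything below it."""
        self.local_roles.setdefault(principal, set()).add(role)


def roles_for(principal, obj):
    """Return the roles `principal` holds when accessing `obj`.

    Assumptions: roles granted on a container are acquired by all of its
    subobjects (union along the path to the root), and every principal
    holds 'anonymous' everywhere.
    """
    roles = {"anonymous"}
    node = obj
    while node is not None:
        roles |= node.local_roles.get(principal, set())
        node = node.parent
    return roles


def build_sample_site():
    """Constructed sample tree: root/intranet/report and root/public."""
    root = Node("root")
    intranet = Node("intranet", root)
    report = Node("report", intranet)
    public = Node("public", root)
    # Local role: alice is manager only inside the intranet folder.
    intranet.grant_local_role("alice", "manager")
    # "Non-local" role: the same mechanism, granted on the root.
    root.grant_local_role("admin", "manager")
    return {"root": root, "intranet": intranet,
            "report": report, "public": public}


if __name__ == "__main__":
    site = build_sample_site()
    for who in ("alice", "admin"):
        for name in ("root", "intranet", "report", "public"):
            print(who, name, sorted(roles_for(who, site[name])))
```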