[Zope3-dev] Initial thoughts on the Zope3 security framework
Guido van Rossum
guido@python.org
Sun, 09 Dec 2001 09:22:31 -0500

> Ah, perhaps this is a more common word in security lingo, though still
> new to me. :)

The difference is, this one you can look up. E.g. Google gives lots
of hits if you try Principal and Java.

> > I wish I understood the Zope2 security model better; whenever you
> > explain something by how it differs from Zope2, I'm lost. Also, I'm
> > not sure I understand the notions "context", "client" and "local role"
> > well enough to understand everything.
>
> Hm, at least I know 'local role'. A local role is a role a user receives
> dependent on what object he tries to access. I.e. I may have role 'manager'
> in one place while only role 'anonymous' in another. Local role permissions
> are acquired by subobjects. Currently local roles are settable in a
> non-scalable sad stepchild screen in the ZMI hanging off the
> security tab. They're pretty common in the types of sites I design,
> so I'm glad to see they're gaining a more central place; non-local roles
> are only a specialization of local roles, as they should be.

OK, that makes sense -- just as there can be user folders sitting
anywhere in a tree, there can be roles defined anywhere in the tree,
and they propagate down in the same way. Right?

--Guido van Rossum (home page: http://www.python.org/~guido/)
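Added example, not part of the original message and not Zope code: a sketch of the local-role idea discussed in the thread, where roles granted on a container propagate down to its subobjects and a grant at the root behaves like a non-local role. The names Node, grant, effective_roles and build_sample_site, the principals, and the additive (union) semantics are assumptions made for illustration.

```python
# Added illustration; Node, grant and effective_roles are hypothetical names,
# not Zope 2 or Zope 3 API.

class Node:
    """An object in a containment tree that can carry local role grants."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local_roles = {}  # principal id -> set of role names granted here

    def grant(self, principal, *roles):
        self.local_roles.setdefault(principal, set()).update(roles)

    def path(self):
        node, parts = self, []
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return "/".join(reversed(parts))


def effective_roles(principal, obj):
    """Union of the roles granted to principal on obj and on every ancestor.

    Assumption: grants are additive, and a grant on a container applies to
    everything below it. Every principal holds 'anonymous' as a baseline.
    """
    roles = {"anonymous"}
    node = obj
    while node is not None:
        roles |= node.local_roles.get(principal, set())
        node = node.parent
    return roles


def build_sample_site():
    """Constructed sample tree: root -> (intranet -> report, public -> page)."""
    root = Node("root")
    intranet = Node("intranet", root)
    report = Node("report", intranet)
    public = Node("public", root)
    page = Node("page", public)
    root.grant("admin", "manager")      # granted at the root: acts as a non-local role
    intranet.grant("alice", "manager")  # local role: applies to the intranet subtree only
    return {n.path(): n for n in (root, intranet, report, public, page)}
```

Because a grant on a container reaches everything beneath it, answering "who is a manager of this object" means walking the whole ancestor chain, not only reading the object's own grants.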