[Zope3-dev] Initial thoughts on the Zope3 security framework

[Ken Manheimer]

On Sun, 9 Dec 2001, Guido van Rossum wrote:

> [me]
> > > OK, that makes sense -- just as there can be user folders sitting
> > > anywhere in a tree, there can be roles defined anywhere in the tree,
> > > and they propagate down in the same way.  Right?
>
> [Ken]
> > Close.
>
> This suggests I wasn't quite right (as in "close, but no cigar"), but
> the rest of what you write doesn't explain where I was wrong.

I was trying to clarify "roles defined".  I saw at least three
alternatives: declaration of role names, role-to-permission mapping, and
role-to-user mappings.  In fact, it's the third - local roles express
role-to-user mappings.  (As i went on to say, role-to-permision mappings
are done separately, and i also (patting myself on the back:) gave some
examples using local roles.)

I'm sorry i didn't point more directly at the ambiguity, in the first
place.

> > joe_user account gets reviewer role within the folder.  The role mappings
> > obtain for objects contained within the folders, so the local roles apply
> > for objects in the folder and in subfolders.

> Since when can "obtain" be used intransitively?  What does "X obtains"
> mean?

"holds true".  I didn't quite realize this was an obscure construct (and i
couldn't have told you what "intransitive" means without looking it up).
Anyway, i guess i figured that the meaning of "obtain" in the more common
construct is sufficient cue.  I think my mind grasps language according to
such cues (perhaps we have different internal strategies...)

-- 
Ken
klm@zope.com