[Zope3-dev] Initial thoughts on the Zope3 security framework

[Guido van Rossum]

> > [me]
> > > > OK, that makes sense -- just as there can be user folders sitting
> > > > anywhere in a tree, there can be roles defined anywhere in the tree,
> > > > and they propagate down in the same way.  Right?
> >
> > [Ken]
> > > Close.

[me again]
> > This suggests I wasn't quite right (as in "close, but no cigar"), but
> > the rest of what you write doesn't explain where I was wrong.

[Ken again]
> I was trying to clarify "roles defined".  I saw at least three
> alternatives: declaration of role names, role-to-permission mapping, and
> role-to-user mappings.  In fact, it's the third - local roles express
> role-to-user mappings.  (As i went on to say, role-to-permision mappings
> are done separately, and i also (patting myself on the back:) gave some
> examples using local roles.)

Ah, that *does* clarify things.  So role names and role-to-permission
mappings are totally global and central?

> I'm sorry i didn't point more directly at the ambiguity, in the first
> place.
> 
> > > joe_user account gets reviewer role within the folder.  The role mappings
> > > obtain for objects contained within the folders, so the local roles apply
> > > for objects in the folder and in subfolders.
> 
> > Since when can "obtain" be used intransitively?  What does "X obtains"
> > mean?
> 
> "holds true".  I didn't quite realize this was an obscure construct (and i
> couldn't have told you what "intransitive" means without looking it
> up).

Gotcha! :-)

> Anyway, i guess i figured that the meaning of "obtain" in the more common
> construct is sufficient cue.  I think my mind grasps language according to
> such cues (perhaps we have different internal strategies...)

I was actually thinking that there was a word missing from the
sentence - or that it was an example of Ken-speak. :)

I'm now assuming that "X obtains" is the same as "X can be obtained",
the way you use it here.

--Guido van Rossum (home page: http://www.python.org/~guido/)