[Zope3-dev] Initial thoughts on the Zope3 security framework
Shane Hathaway
shane@zope.com
Mon, 10 Dec 2001 16:54:54 -0500
Martijn Faassen wrote:
> Shane Hathaway wrote:
>
>>>Yes, that's correct. There has been some talk recently about making them
>>>more
>>>centralized for reasons of making them easier to catalog, but nothing
>>>yet has come out of that. And I rather like the principle of having each
>>>branch of the tree be a tree by itself in Zope. Even so, perhaps Shane
>>>should in a word about his catologing use case .
>>>
>>I've had some more thoughts on that--it occurred to me that the catalog
>>actually could take over the knowledge of local roles, and could use any
>>strategy it likes, since it is after all an object index.
>>
>
> So there would be no local role information anywhere in the tree, just
> in the catalog, and the trees itself can query this local role core service
> to determine whether a user has permissions or not.
>
> Or do you mean we simply catalog the local role information, and we have
> a catalog that uses something like path indexes to determine whether someone
> has access?
Okay, I'll be more specific. Let's say local roles can change at any
point and there isn't a quick way to discover local role mappings
throughout the site. (That's the situation today.) We can still
perform a catalog query that limits the user to what they are allowed to
see, in a way that only the catalog has to know about.
(Thinking aloud) the old problem is that we have to be able to feed all
the user's role mappings, in any place, into the query. So we have to
be able to map users to a table of placeful roles before performing the
query. This table maps user ids to placeful roles. We can gather this
info at indexing time by scanning the acquired local roles for
user->role mappings. Every time an object is indexed we'll have to scan
for these local roles and update the placeful roles table.
Hmm, I hope that made sense. It seems like it would work, but there's
still an issue. If you change local role mappings anywhere, you have to
recatalog something in that place for the local roles to show up in the
catalog. It wouldn't be hard to make the local roles management UI
aware of the catalog, though.
At least it would be better than the current situation, where every time
a user is added or any role is changed for any user, you might as well
rebuild the whole catalog.
OTOH it keeps us from having to change the security architecture just to
make searching work right, which is definitely a good thing.
>>In any case, I think I'll back down on this issue.
>
> Hm, what're you backing down on? :)
I've been pushing to make it possible to quickly gather local roles so
that searching will work better. But now I think the problem can be
solved by the catalog implementation rather than the security architecture.
>>Centrally manageable security, OTOH, seems like a good goal anyway.
>
> Centrally *manageable* yes, but I'd like every subtree to be as independent
> at the same time, which is another good goal. What I take as the center
> where I'm managing from should ideally be any branch of the tree I pick..
Sounds right.
Shane