[Zope3-dev] Initial thoughts on the Zope3 security framework

[Barry A. Warsaw]

[Barely catching up on all the traffic on this list... -BAW]

>>>>> "JF" == Jim Fulton <jim@zope.com> writes:

    JF> Any setting can be made in multiple places, however, role and
    JF> permission *definition* tends to be done centrally, where
    JF> "central" in this sense is a bit relative. In most cases, as
    JF> site will have one set of role definitions and once set of
    JF> permission definitions. Some sites might include "sub-sites",
    JF> where sub-sites have their own "global" definitions, that
    JF> build on the site global definitions.

This is actually a very interesting issue, and something that I
suspect a lot of systems need/want to address.  E.g. in Mailman, we
have several cascading levels of permissions where (ideally) we'd like
to set up option defaults site-wide, and then be able to choose which
options we will delegate to sub-groups (i.e. virtual domains).  The
owners of those sub-groups can then choose to delegate some or all of
their options to smaller groups (i.e. to list owners).

Acquisition /seems/ like a natural fit here, and it's the one place
where I can see that feature actually making the problem easier to
solve.  I wonder whether there's something here we can generalize into
a generic Python library?

-Barry