[Zope3-dev] Initial thoughts on the Zope3 security framework

Lennart Regebro lennart@regebro.nu
Thu, 13 Dec 2001 22:11:39 +0100


From: "Jeremy Hylton" <jeremy@zope.com>
> How much stress would it cause if we migrated more of the Zope
> security architecture towards standard terminology?  I believe the
> thing Zope calls a "role" is typically called a "group."  A group has
> a set of permissions associated with it.  A principal is associated
> with a set of groups, which implies the permissions of the group.

Well, pretty much, since the word "group" in my opinion may be used for
other things.
Today's security has its flaws; one is that you tend to end up with a system
with loads and loads of different permissions. It would be nice if they
could be grouped in some way. Also, it would be nice to not have all users
in just one big list. So these also need to be grouped...

In that context I don't think it's a good idea to introduce "groups".
Besides, "roles" is a better word for what it does and how it's used.