[Zope3-dev] Initial thoughts on the Zope3 security framework

[Jeremy Hylton]

>>>>> "GvR" == Guido van Rossum <guido@python.org> writes:

  GvR> Jim & Tres called out in unison: "No, they're not the same.
  GvR> We'll add groups some day."

It would be helpful, then, to define the terms.  I can't find a
definition of "role" in the security proposal.  There are a bunch of
interfaces and methods that have the word "role" in them, but it's all
too abstract for me to intuit any specific meaning :-).

I think the following terms ought to be defined precisely:

   - principal
   - role
   - permission
   (- group) ?

An example or two would also help.

Is a role just a bag that collects permissions?

Jeremy