[Zope3-dev] Re: principals vs. users

Guido van Rossum guido@python.org
Fri, 14 Dec 2001 11:30:50 -0500


[jim]
> Given that several principals can be associated with a single
> human, it might be confusing to talk about them as separate
> users.

Unix says username to disambiguate these, when that's necessary.

> It *might* be useful to actually have a concept labeled
> "user" that is a (possibly implicit) "group" of all of the
> principals associated with a particular human.

I've never heard of that, and I don't know how you would prove that
those principals really are the same person.  Anyway, if you want that
concept, call it "person".

[me]
> > And another thing that came to me while writing that reply: in
> > terms of the principal <--> permission mapping, groups and roles
> > really are equivalent: both define a set of (principal,
> > permission) pairs that's the intersection of some rows and some
> > columns.  Where is my thinking wrong?  What is in your opinion the
> > difference between these two?
> 
> I agree that, currently, roles and groups are operationally the
> same, however the intent is very different. A "role" is a
> responsibility of a principal in some place.  A group is a principal
> that is an assembly of other principals.

Yes, Philip's post clarified to me the psychological difference
between groups and roles; I now agree it's important.

> There are (well, will be) some operational differences:
> 
> - Roles are relative to a particular object (and sub-objects).
>   Groups are not context-dependent (other than the context
>   of the authentication service where they are defined).

Correct.

> - In the future, principals will be able to control what roles
>   they can have at a point in time. They will be able to enable and
>   disable roles much as they would put on and take off hats.

Cool.  Like Unix 'newgrp' but better. :-)

>   It may turn out that people only have one role (wear one hat) at
>   a time.

Unix has one primary group but any number of extra groups.  I don't
know if this translates to Zope though.

> This provides some significant benefits:
> 
>   o More focused user interfaces can be provided based on the
>     current role,

That's good.

>   o Risks of client-side trojan attacks will be partly mitigated.

How?

--Guido van Rossum (home page: http://www.python.org/~guido/)
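The distinction the thread is circling (groups as context-free assemblies of principals resolved by the authentication service, roles as grants that are local to an object and its sub-objects, and a principal choosing which roles are active at a point in time) can be made concrete with a small toy model. The code below is an added illustration written for this archive page; it is not Zope code and not from either poster. All names in it (AuthService, Obj, the "staff" group, the "Editor" role, the "edit" permission, the alice/bob principals) are constructed for the example.

```python
# Toy model of the principal / group / role / permission vocabulary from the
# thread. Illustration only: not Zope's implementation, names are invented.


class AuthService:
    """Holds group definitions. Group membership is resolved here, once,
    independent of which object is later being accessed (context-free)."""

    def __init__(self):
        self.groups = {}  # group id -> set of member ids (principals or groups)

    def add_group(self, gid, members):
        self.groups[gid] = set(members)

    def expand(self, pid):
        """A principal acts as itself plus every group containing it, transitively."""
        result = {pid}
        frontier = [pid]
        while frontier:
            p = frontier.pop()
            for gid, members in self.groups.items():
                if p in members and gid not in result:
                    result.add(gid)
                    frontier.append(gid)
        return result


class Obj:
    """A content object. Role grants and role->permission mappings made here
    apply to this object and everything below it, not to its ancestors."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.role_grants = {}       # principal id -> set of role names
        self.role_permissions = {}  # role name -> set of permission names

    def grant_role(self, pid, role):
        self.role_grants.setdefault(pid, set()).add(role)

    def allow(self, role, permission):
        self.role_permissions.setdefault(role, set()).add(permission)

    def ancestry(self):
        node = self
        while node is not None:
            yield node
            node = node.parent


def roles_for(obj, principal_ids, active_roles=None):
    """Roles granted to any of principal_ids on obj or an ancestor (context-dependent),
    optionally restricted to the roles the principal has chosen to 'wear' right now."""
    roles = set()
    for node in obj.ancestry():
        for pid in principal_ids:
            roles |= node.role_grants.get(pid, set())
    if active_roles is not None:
        roles &= active_roles  # hats taken off do not confer anything
    return roles


def permissions_for(obj, roles):
    perms = set()
    for node in obj.ancestry():
        for role in roles:
            perms |= node.role_permissions.get(role, set())
    return perms


def check(auth, obj, pid, permission, active_roles=None):
    """(principal, permission) is allowed iff the principal, via itself or a group,
    holds a role in obj's context that maps to that permission there."""
    ids = auth.expand(pid)             # groups: resolved without reference to obj
    roles = roles_for(obj, ids, active_roles)  # roles: resolved relative to obj
    return permission in permissions_for(obj, roles)


def demo():
    """Constructed scenario: group 'staff' is Editor on /docs, Editor may 'edit'."""
    auth = AuthService()
    auth.add_group("staff", {"alice"})
    root = Obj("root")
    docs = Obj("docs", root)
    report = Obj("report", docs)
    root.allow("Editor", "edit")       # role -> permission mapping at the root
    docs.grant_role("staff", "Editor")  # role granted to the group on /docs only
    return {
        "alice edits /docs/report": check(auth, report, "alice", "edit"),
        "alice edits /": check(auth, root, "alice", "edit"),
        "alice edits report with Editor hat off":
            check(auth, report, "alice", "edit", active_roles={"Reader"}),
        "bob edits /docs/report": check(auth, report, "bob", "edit"),
    }


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label}: {'allowed' if allowed else 'denied'}")
```

Running `demo()` shows the asymmetry the thread describes: alice's membership in "staff" holds everywhere, but the Editor role granted on /docs reaches /docs/report and not /, and taking the Editor hat off removes the permission even though the grant is still recorded.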