[Zope3-dev] Re: a note on groups and roles

Jeremy Hylton jeremy@zope.com
Thu, 28 Mar 2002 12:13:48 -0500 

>>>>> "PJE" =3D=3D Phillip J Eby <pje@telecommunity.com> writes:

  >> How would this distinction have an impact on implementation?

  PJE> Because a "set of permissions" carries no implication that it
  PJE> is the application that grants that set to a principal, rather
  PJE> than the infrastructure doing so.

I'm not sure I understand what you mean.  The application provides
mechanism, and the admin using the application uses that mechanism to
define policy, right?  I think this is what you mean, but I'm not sure
because you say applications grants permissions to principal.  The
application shouldn't actually grant permissions; it should define the
permissions that an admin can assign to principals.

  PJE> If we call a "set of permissions" a "SOP", then the
  PJE> requirements I have regarding them are:

  PJE> 1. Allow individual application objects to grant SOPs to
  PJE>    principals

Well, maybe I'm not interpreting you correctly.  Can you be specific
about how an application grants SOPs to a principal?  How would it
know what principal to grant a permission to?

  PJE> 2. Zope should ask application objects *only* for SOP's needed
  PJE>    by the
  PJE> current principal to carry out their immediate intentions

Hmmm... I think I like where you're going, but this sentence is hard
to unpack.  The traditional notion of "role," as I understand it, is
a mechanism for a principal to limit the set of permissions it uses to
perform an operation.  Example:  A sys admin invokes method foo() with
the "print server" role, which means that foo() will only have
permissions related to administration of the print server.  Is that
your goal here?

If so, shouldn't the principal be saying what role it wants to use?
If it's the application, then the application could lie to the user
and trick her into using the wrong role.

  PJE> 3. SOP's are definable by applications for use within their
  PJE>    "placeful"
  PJE> space, without conflict with SOP's in use in other spaces

I don't think I understand this one at all :-(.=A0 Do you mean merely
that if permissions are named, that there is a mechanism to avoid
namespace collisions?

Jeremy