[Zope3-dev] Re: Security Model
Shane Hathaway
shane at zope.com
Tue Dec 16 10:22:32 EST 2003
On Mon, 15 Dec 2003, Jim Fulton wrote:
> 1. A system for declaring the permissions needed to access
> names in objects or classes of objects. I don't have a good name
> for this. (Security requirements? Permission requirements?)
Isn't "permission" the word for this?
> 4. A system for deciding whether principals have permissions. This is
> the authorization system. It is pluggable through the provision of
> a security proxy and associated infrastructure (registered components)
> to manage authrization data. Different security policies will require
> different data, depending on the underlying model.
If the whole authorization system as you described it can be replaced,
that's excellent. It's just what I'm looking for.
Shane
More information about the Zope3-dev
mailing list