[Zope3-dev] Re: Security Model
Jim Fulton
jim at ZOPE.COM
Tue Dec 16 10:39:27 EST 2003
Shane Hathaway wrote:
> On Mon, 15 Dec 2003, Jim Fulton wrote:
>
>
>>1. A system for declaring the permissions needed to access
>> names in objects or classes of objects. I don't have a good name
>> for this. (Security requirements? Permission requirements?)
>
>
> Isn't "permission" the word for this?
I don't think so. Maybe "permission system", but that seems too broad.
>
>
>>4. A system for deciding whether principals have permissions. This is
>> the authorization system. It is pluggable through the provision of
>> a security proxy and associated infrastructure (registered components)
>> to manage authrization data. Different security policies will require
>> different data, depending on the underlying model.
>
>
> If the whole authorization system as you described it can be replaced,
> that's excellent. It's just what I'm looking for.
Cool.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list