[Zope3-dev] Re: Security Model
Phillip J. Eby
pje at telecommunity.com
Tue Dec 16 11:51:50 EST 2003
At 10:28 PM 12/15/03 -0500, Jim Fulton wrote:
>I'll just note that an upcoming project will be to refactor the
>authorization system in a way that should make it much more obvious
>how to implement the sorts of systems sketched out in this thread.
>
>This is a possible project for the F12g sprint in January.
>
>As a matter of jargon, I see Zope 3's security system as consisting
>of 4 parts.
>
>1. A system for declaring the permissions needed to access
> names in objects or classes of objects. I don't have a good name
> for this. (Security requirements? Permission requirements?)
How about "required permissions", or maybe "permission declarations"?
>2. A system for enforcing permission requirements. This is implemented
> via security proxies. In the future, it may involve a combination of
> security proxies and code manipulation. I think a good name for
> this might be the protection system.
It seems a little vague; how about "enforcement system"?
More information about the Zope3-dev
mailing list