[Zope3-dev] Pluggability of security policies
Jim Fulton
jim at zope.com
Sat Nov 22 09:59:55 EST 2003
I want to emphasize that security policies will be extremely pluggable.

The only things that will be (relatively) fixed, wrt security, are:

- Programmers will declare the permissions required to access objects in
  various ways.
- The authentication service determines the authenticated principal.
- Security proxies and untrusted-code machinery.

Security policies will be made available as separate packages.

A security policy defines the authorization model and provides the
software for managing authorization information and making authorization
decisions. For example, the notions of "groups" and "roles" are artifacts
of *a* security policy. Alternative security policies could use these or
other concepts. In other words, if you don't like my jargon, you will be able
to create alternative security policies with different models.

As mentioned the other day, I intend to factor out the Zope security policy
into a separate package to illustrate what a pluggable security policy would
look like and how it interacts with the rest of the system.

Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
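
Added example, not part of the message above and not Zope's code: a Python sketch of the split the message describes, with declared permissions and the authenticated principal held fixed while two interchangeable policies (one role-based, one using per-object grants) make the authorization decision. Every class, function and data value here is hypothetical and constructed for illustration.

```python
# Added illustration; all names are hypothetical, not Zope's API.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """What the authentication service hands back (fixed part)."""
    id: str


@dataclass
class Document:
    """Object whose programmer declared a permission per operation (fixed part)."""
    title: str
    required: dict = field(default_factory=lambda: {"read": "View", "write": "Edit"})


class RolePolicy:
    """One authorization model: principals hold roles, roles carry permissions."""
    def __init__(self, principal_roles, role_permissions):
        self.principal_roles = principal_roles
        self.role_permissions = role_permissions

    def check_permission(self, principal, permission, obj):
        roles = self.principal_roles.get(principal.id, ())
        return any(permission in self.role_permissions.get(r, ()) for r in roles)


class GrantPolicy:
    """A different model: explicit per-object grants, no roles or groups at all."""
    def __init__(self, grants):
        self.grants = grants  # {(principal id, object title): {permission, ...}}

    def check_permission(self, principal, permission, obj):
        return permission in self.grants.get((principal.id, obj.title), ())


def access(policy, principal, obj, operation):
    """Fixed enforcement point: look up the declared permission, ask the policy."""
    permission = obj.required.get(operation)
    if permission is None:  # undeclared operation: deny by default
        return False
    return policy.check_permission(principal, permission, obj)


# Constructed sample data.
alice, bob = Principal("alice"), Principal("bob")
doc = Document("budget")
roles = RolePolicy({"alice": ["Editor"], "bob": ["Reader"]},
                   {"Editor": {"View", "Edit"}, "Reader": {"View"}})
grants = GrantPolicy({("bob", "budget"): {"View", "Edit"}})
```

Swapping `roles` for `grants` changes who may write the document without touching `Document`, `Principal` or `access`, which is the property the message calls pluggability.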