[Zope3-dev] Re: role (contextual) services?l
Stephan Richter
srichter at cosmos.phy.tufts.edu
Sun Apr 4 08:47:48 EDT 2004
On Sunday 04 April 2004 05:06, Philipp von Weitershausen wrote:
> > Do we get groups in Zope3?
>
> Out of the box, no. But I'm sure someone will someday provide a security
> policy + principal source that does give us groups. Maybe in addition to
> roles, maybe instead or maybe both. Any takers? *wink*
I would like to have a standard implementation of groups in Zope 3. If you
allow them to be a general graph, like Tres said, it will satisfy 95% of the
users.
Note however, that a new security policy might not be necessary. Groups are
really just principals. So it might be enough to deal with them in an
authentication service level. Mmmh, maybe not. I guess the security policy
would need to know about groups as well.
Shane once suggested that there is a common pattern here.
Groups contain Users contain Roles contain Permissions
for some definition of "contain". Of course a Group can be assigned roles and
permissions directly too. But I wonder whether we could abstract the security
policy in a way that we could insert a new segment in this path at any time.
If all the information lies in one registry, then this could be really fast
as well.
From the TODOLATER.txt list:
- Support for groups in the security model. No one has been
interested in working on this and, at this point, there are
too many other things to do. We *are* committed to adding this
eventually.
- Support for permission categories in the security model. No
one has been interested in working on this and, at this point,
there are too many other things to do. We *are* committed to
adding this eventually assuming that it becomes necessary due
to a large number of permissions.
So these suggest that there will be at least two more new security
artifacts...
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Zope3-dev
mailing list