AW: [Zope3-dev] Re: role (contextual) services?l
Roger ineichen
dev at projekt01.ch
Sun Apr 4 11:11:14 EDT 2004
> I would like to have a standard implementation of groups in
> Zope 3. If you
> allow them to be a general graph, like Tres said, it will
> satisfy 95% of the
> users.
>
> Note however, that a new security policy might not be
> necessary. Groups are
> really just principals. So it might be enough to deal with them in an
> authentication service level. Mmmh, maybe not. I guess the
> security policy
> would need to know about groups as well.
>
> Shane once suggested that there is a common pattern here.
>
> Groups contain Users contain Roles contain Permissions
>
> for some definition of "contain". Of course a Group can be
> assigned roles and
> permissions directly too. But I wonder whether we could
> abstract the security
> policy in a way that we could insert a new segment in this
> path at any time.
> If all the information lies in one registry, then this could
> be really fast
> as well.
>
> From the TODOLATER.txt list:
>
> - Support for groups in the security model. No one has been
> interested in working on this and, at this point, there are
> too many other things to do. We *are* committed to adding this
> eventually.
>
> - Support for permission categories in the security model. No
> one has been interested in working on this and, at this point,
> there are too many other things to do. We *are* committed to
> adding this eventually assuming that it becomes necessary due
> to a large number of permissions.
>
> So these suggest that there will be at least two more new security
> artifacts...
I don't think I got this right;
A permission category collects permissions in a category
say:
Category Editor has the persmissions:
- "Edit Content"
- "View Content"
Isn't that a role? What exactly is a Permission Category?
Is a permission category a "permission" where we can
abstract permissions of components.
And this permission category acts as one permission.
Like a mapping:
permission "DoAll" is a mapping to the permission
- "Edit View"
- "View Content"
This let you give the permission "DoAll" to the Role "Master"?
This whould mean we can simplify and map a lot of permissions
from different packages together in a useable way.
Like "Edit Wiki" "Edit Document" can be mapped to "Edit".
This whould sometimes make the live easier. ;-)
> Regards,
> Stephan
> --
> Stephan Richter
> CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D.
> student) Web2k - Web Software Design, Development and Training
>
> _______________________________________________
> Zope3-dev mailing list
> Zope3-dev at zope.org http://mail.zope.org/mailman/listinfo/zope3-dev
>
More information about the Zope3-dev
mailing list