[Zope3-dev] Re: role (contextual) services?l
Shane Hathaway
shane at zope.com
Mon Apr 5 14:09:07 EDT 2004
Martijn Faassen wrote:
> But I've seen fairly convincing arguments that a role is really a group
> and vice versa. This to me is more interesting from an implementation
> perspective than it is from a user interface perspective, however.
Talking about security in Zope will be easier if we adopt a term that
represents a generalization of roles, permissions, groups, and so on.
I'd like to suggest that these are all "security tokens". For a user to
gain access to some method, a contiguous chain of security tokens must
link the user to a method.
Different Zope security frameworks will provide different
classifications of security tokens (and optimize accordingly.) Groups,
roles, permissions, permission groups, and privileges are security
tokens. Users and methods are not.
Shane
More information about the Zope3-dev
mailing list