[Zope3-dev] Re: role (contextual) services?

Philipp von Weitershausen philipp at weitershausen.de
Tue Apr 6 02:42:51 EDT 2004


Shane Hathaway wrote:
> Martijn Faassen wrote:
> 
>> But I've seen fairly convincing arguments that a role is really a 
>> group and vice versa. This to me is more interesting from an 
>> implementation perspective than it is from a user interface 
>> perspective, however.
> 
> Talking about security in Zope will be easier if we adopt a term that 
> represents a generalization of roles, permissions, groups, and so on. 
> I'd like to suggest that these are all "security tokens".  For a user to 
> gain access to some method, a contiguous chain of security tokens must 
> link the user to a method.
> 
> Different Zope security frameworks will provide different 
> classifications of security tokens (and optimize accordingly.)  Groups, 
> roles, permissions, permission groups, and privileges are security 
> tokens.  Users and methods are not.

Thanks for this brilliant explanation. This is the best argument for 
groups not being principals because they are really used as security tokens.

Philipp
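
The "contiguous chain of security tokens" model quoted above, sketched as graph reachability. This is an added example, not code from the thread or from Zope; the token names, the grant table and the functions `token_chain` and `can_access` are constructed for illustration, and reading "chain" as a path through grant edges is an assumption.

```python
from collections import deque

# Constructed sample data: each entry reads "holder -> things it is granted".
# Users and methods are the endpoints; everything between them is a token,
# whatever a given framework calls it (group, role, permission, ...).
USERS = {"alice", "bob"}
METHODS = {"Document.edit", "Document.view"}
GRANTS = {
    "alice": {"group:editors"},
    "bob": {"group:staff"},
    "group:editors": {"role:Editor", "group:staff"},
    "group:staff": {"role:Reader"},
    "role:Editor": {"perm:ModifyContent"},
    "role:Reader": {"perm:View"},
    "perm:ModifyContent": {"Document.edit"},
    "perm:View": {"Document.view"},
}

def token_chain(user, method, grants=GRANTS):
    """Return the shortest chain [user, token, ..., method], or None."""
    if user not in USERS or method not in METHODS:
        return None
    parent = {user: None}
    queue = deque([user])
    while queue:
        node = queue.popleft()
        if node == method:
            chain = []
            while node is not None:
                chain.append(node)
                node = parent[node]
            return chain[::-1]
        # Users and methods are not tokens, so a chain may not pass through one.
        if node != user and (node in USERS or node in METHODS):
            continue
        for nxt in sorted(grants.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def can_access(user, method, grants=GRANTS):
    """Access is granted only when an unbroken token chain exists."""
    return token_chain(user, method, grants) is not None
```

Returning the chain rather than a bare boolean gives an audit trail: it shows which group, role and permission grants were responsible for an access decision.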


