[Zope3-dev] Re: role (contextual) services?

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Apr 6 07:47:57 EDT 2004


On Monday 05 April 2004 14:09, Shane Hathaway wrote:
> > But I've seen fairly convincing arguments that a role is really a group
> > and vice versa. This to me is more interesting from an implementation
> > perspective than it is from a user interface perspective, however.
>
> Talking about security in Zope will be easier if we adopt a term that
> represents a generalization of roles, permissions, groups, and so on.
> I'd like to suggest that these are all "security tokens".  For a user to
> gain access to some method, a contiguous chain of security tokens must
> link the user to a method.
>
> Different Zope security frameworks will provide different
> classifications of security tokens (and optimize accordingly.)  Groups,
> roles, permissions, permission groups, and privileges are security
> tokens.  Users and methods are not.

Shane, I like the term "security token". Maybe we should update the security 
policy to be much more flexible by allowing new security tokens to be defined 
and generalize the grant directive to be more general. Then we would be able 
to kill two "to do later" items at once. The only question that remains is 
then how groups will be linked to some content.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
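
The "contiguous chain of security tokens" idea quoted above can be modelled as a reachability check over a token graph. The following is an added example, not part of the original message and not Zope code; every user, token and method name in it is a constructed, hypothetical value.

```python
from collections import deque

# Constructed sample data: every name below is hypothetical, not Zope's.
# A user is granted tokens; a token may imply further tokens; a method
# is guarded by one token. Users and methods are endpoints, not tokens.
USER_GRANTS = {
    "alice": {"group:editors"},
    "bob": {"group:visitors"},
}
TOKEN_LINKS = {
    "group:editors": {"role:Editor"},
    "role:Editor": {"permission:ModifyContent", "group:editors"},  # cycle
    "group:visitors": {"role:Reader"},
    "role:Reader": {"permission:View"},
}
METHOD_GUARDS = {
    "Document.edit": "permission:ModifyContent",
    "Document.view": "permission:View",
}


def find_chain(user, method):
    """Return the shortest token chain linking user to method, or None."""
    required = METHOD_GUARDS.get(method)
    if required is None:
        return None  # a method with no guard is denied, not silently allowed
    queue = deque([tok] for tok in sorted(USER_GRANTS.get(user, ())))
    seen = set()
    while queue:
        chain = queue.popleft()
        token = chain[-1]
        if token == required:
            return chain
        if token in seen:
            continue  # a role that is also a group can loop back
        seen.add(token)
        for nxt in sorted(TOKEN_LINKS.get(token, ())):
            queue.append(chain + [nxt])
    return None  # the chain is broken somewhere: deny


def can_access(user, method):
    """Access decision: allowed only when an unbroken chain exists."""
    return find_chain(user, method) is not None
```

Returning the chain rather than a bare boolean gives an audit trail of which grants produced the decision.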


