[Zope3-dev] Re: role (contextual) services?l
Jim Fulton
jim at zope.com
Tue Apr 6 09:59:41 EDT 2004
Stephan Richter wrote:
> On Monday 05 April 2004 14:09, Shane Hathaway wrote:
>
>>>But I've seen fairly convincing arguments that a role is really a group
>>>and vice versa. This to me is more interesting from an implementation
>>>perspective than it is from a user interface perspective, however.
>>
>>Talking about security in Zope will be easier if we adopt a term that
>>represents a generalization of roles, permissions, groups, and so on.
>>I'd like to suggest that these are all "security tokens". For a user to
>>gain access to some method, a contiguous chain of security tokens must
>>link the user to a method.
>>
>>Different Zope security frameworks will provide different
>>classifications of security tokens (and optimize accordingly.) Groups,
>>roles, permissions, permission groups, and privileges are security
>>tokens. Users and methods are not.
>
>
> Shane, I like the term "security token". Maybe we should update the security
> policy to be much more flexible by allowing to define new security tokens and
> generalize the grant directive to be more general.
No. Perhaps you should define a *new* security policy that lets you
explore these ideas.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list