[Zope3-dev] RFC: Unification of requests and security
contexts through Use
Phillip J. Eby
pje at telecommunity.com
Fri Jan 16 17:39:34 EST 2004
At 03:50 PM 1/16/04 -0500, Jim Fulton wrote:
>Yesterday, Steve and I came up with some ideas for:
>
> - Improving the management of security contexts
>
> - Conceptually unifying security and presentation. This isn't something
> we set out to do, but rather something that became apparent in our
> discussions.
>
>See:
>
>
>http://dev.zope.org/Zope3/UnificationOfRequestsAndSecurityContextsThroughUse
>
>In explaining this to some folks here at ZC, there was quite a bit of
>discussion
>about terminology. The most controversal aspect of which was the
>continued use
>of "request" as a name for an actor's participation, at least in a browser
>context.
>
>I'd be interested in heraring what people think about this. :)
I'm having trouble understanding what the "use" part is for. It seems like
it's just a collection of actors, and it's not clear how an actor is
different from a principal, except that it has a participation. And if
that's the case, why not just have the interaction reference the principal
directly?
Hm. I just used "interaction" instead of participation. That may just be
because it's the term I used for this idea (or at least my perception of
this idea) in peak.security (which only does authorization and permission
declarations ATM, not authentication or enforcement).
More information about the Zope3-dev
mailing list