[Zope3-dev] RFC: Unification of requests and security contexts through Use

Steve Alexander steve at z3u.com
Wed Jan 21 09:41:50 EST 2004


> I don't like the word 'use', as it leads to sentences involving "the use
> of the use", which are highly difficult to comprehend. This is not a
> theoretical complaint; Jim already used two such lines in a row in this
> thread.

Other words are "Activity", "Performance", "Interaction".


> I don't understand the concept of "Actor" as differentiated from "Principal".

Ok. In a recent email, I suggested getting rid of Actor.


> In my understanding, the Principal is the external entity that is using the
> system, but apparently this is now not the case.

A principal is a representation (internal to the system) of an external 
entity that is using the system.


> in practice I'm suddenly confronted with the new concepts of 
> Use, Participation and Actor. Generic words that don't ring "Security" to me
> either.

Let's lose "Actor".

Security is related not just to principals, but also to what they are 
trying to do. Maybe you're allowed to draw pictures, and I'm not allowed 
to draw pictures, but I am allowed to watch you drawing pictures.

So, the security policy allows your principal the "draw pictures" 
permission, and my principal the "watch pictures being drawn" 
permission. Provided our use of the system is limited to you drawing and 
me watching, we'll be allowed to do what we're trying to do.

--
Steve Alexander




