[Zope3-dev] RFC: Unification of requests and security contexts
through Use
Martijn Faassen
faassen at infrae.com
Thu Jan 22 06:08:05 EST 2004
Steve Alexander wrote:
> >In my understanding, the Principal is the external entity that is using the
> >system, but apparently this is now not the case.
>
> A principal is a representation (internal to the system) of an external
> entity that is using the system.
Right, that's more accurate; the object that represents the external entity
in the system. That's what I meant. :)
> >in practice I'm suddenly confronted with the new concepts of
> >Use, Participation and Actor. Generic words that don't ring "Security" to
> >me
> >either.
>
> Let's lose "Actor".
>
> Security is related not just to principals, but also to what they are
> trying to do. Maybe you're allowed to draw pictures, and I'm not allowed
> to draw pictures, but I am allowed to watch you drawing pictures.
>
> So, the security policy allows your principal the "draw pictures"
> permission, and my principal the "watch pictures being drawn"
> permission.
This I understand.
> Provided our use of the system is limited to you drawing and
> me watching, we'll be allowed to do what we're trying to do.
It'd also work if you're allowed to draw too, right? The word 'limited'
doesn't sound right.
Provided the system allows me drawing and you watching, we'll be allowed to
do what we're trying to do.
Is there a single use allowing both? Is this the special thing? Otherwise I'd
simply call it 'permission'; provided we both have the right permission.
Regards,
Martijn
More information about the Zope3-dev
mailing list