[Zope3-dev] RFC: Aggregate Permissions and Principal Groups
Nicolas Évrard
nicoe at no-log.org
Fri Jul 23 07:51:28 EDT 2004
* Jim Fulton [22:59 22/07/04 CEST]:
Fowarded to this list since I pressed 'r' instead of 'L'.
>I've posted a proposal:
>
> http://dev.zope.org/Zope3/AggregatePermissionsAndPrincipalGroups
>
>to replace roles with aggregated permissions and add principal groups
>after Zope X3.0.
>
>Comments are welcome.
Ok, here are the idea I had while reading the proposal and talking about
it with Roger.
- Groups as Principals: Really fine, Roger and I talked about it a few
days ago and it seems a very good idea the me. Moreover I wonder will
it be possible to have principal inside group inside group inside
group ? This is not exactly the same as Aggregate Permissions but
serve the same purpose.
- Aggregate permissions: Fine too. It will be more easy to create
"package" of permissions and to assign them.
I'm really happy with these two concepts.
When talking about Aggregate Permissions, you say: "There is a direct
allow grant if there is an allow grant on the object, including acquired
grants. (Obviously, inner grants override outer grants,
object-location-wise.)"
So I suppose there will be some sort of a local service that will define
the permissions on the container in which this service is located. But
then where is the mapping Principals/Group located.
Not in the authentication service as this is a "corruption" of the idea
of authentication. A global service or a local one ? The global one has
the advantage to have one unique location that define security add that
to the location-wise permission and everything is done. The local one
add a more fine-grained control but I think it is redudant with
"location-wiseabilty" of the permissions.
Anyway correct me if I don't see things the right way or if i did
understand fully the proposa (or anything else).
--
(°> Nicolas Évrard
/ ) Liège - Belgique
^^ Listening to: Change the guard
Steve Coleman and Five Elements
More information about the Zope3-dev
mailing list