[Zope3-dev] Initial thoughts on the Zope3 security framework
Paul Everitt
paul@zope.com
Mon, 10 Dec 2001 15:23:33 -0500
Martijn Faassen wrote:
> Shane Hathaway wrote:
>
>>>Yes, that's correct. There has been some talk recently about making them
>>>more centralized for reasons of making them easier to catalog, but nothing
>>>yet has come out of that. And I rather like the principle of having each
>>>branch of the tree be a tree by itself in Zope. Even so, perhaps Shane
>>>should put in a word about his cataloging use case.
>>>
>>I've had some more thoughts on that--it occurred to me that the catalog
>>actually could take over the knowledge of local roles, and could use any
>>strategy it likes, since it is after all an object index.
>>
>
> So there would be no local role information anywhere in the tree, just
> in the catalog, and the tree itself can query this local role core service
> to determine whether a user has permissions or not.
>
> Or do you mean we simply catalog the local role information, and we have
> a catalog that uses something like path indexes to determine whether someone
> has access?

Hmm, this reminds me of something from the versioning proposal. In
versioning, the same logical piece of content might appear in multiple
places in the tree. A placeless repository manages the authoritative
version.

With this in mind, allowing security information to apply once to a
logical piece of content, even if it's placeful in multiple places, seems
kind of intriguing.

--Paul