[Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.

Jim Fulton jim at zope.com
Wed Apr 6 08:33:39 EDT 2005 

I very much want Zope 2.9 to use Zope 3's security architecture.
Zope 3's security architecture is far more robust, but it is different
in some significant ways:

- It protects names not values.  This means that you protect
   how you access things, not the things themselves.

- It doesn't provide key-bases access control for mapping
   objects.  If you can get any key, you can get all keys.
   This is less powerful that Zope 2's security system, but
   this is power we haven't needed for Zope 3 and I suggest
   we don't really need it for Zope 2.

- Non-basic values passed from trusted code to untrusted code
   are security proxied and thus protected.  This means that the
   security framework has a much greater reach than in Zope 2,
   Even trusted code is subject to the security system in many
   cases.  This can be a good thing or a bad thing, depending
   on your point of view. :)

- The Zope 3 security system is much more pluggable.  This means
   that it is much easier to provide alternate security policies
   to meet special needs to or exclude unneeded features.

For more information on the security system, see:

http://svn.zope.org/Zope3/trunk/src/zope/security/untrustedinterpreter.txt?view=markup

http://svn.zope.org/Zope3/trunk/src/zope/security/README.txt?view=markup

http://svn.zope.org/Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.txt?view=markup

http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/ProgrammerTutorial/programmers_tutorial.pdf

I see 2 main challenges:

- supporting implicit acquisition

- Backward incompatibilities:

   o No support for key-based access control

   o Trusted code will be subject to security restrictions
     in cases in which it isn't now.

I think there will be a number of significant benefits, including:

- Greater security

- Less complexity

- Less risk with new Python versions

- Narrower gap between Zope 2 and Zope 3.

This will be a fairly large job.  I won't have time to work on it before this
Fall.  I could certianly use some help. :)

Are there any objections?  Suggestions? Questions?

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope-Dev mailing list