RE: [Rainbowportal-devel] new security framework for rainbow
From: Geert A. <gee...@sy...> - 2003-04-28 06:26:58
Hi Mark,

In a Windows Authentication deployment, an admin can only create roles. Users & Groups must be created in the AD domain itself with the appropriate tools from Microsoft.

About the windows-service stuff, as I mentioned this would only be the case when implementing a large project. Not for small projects so there won't be any issue. It's just another implementation of the interfaces.

Greetz,

Geert

*******************
Geert Audenaert
Syntegra, creating winners in the digital economy
+32 2 247 92 20 - check us out at www.syntegra.be
*******************

-----Original Message-----
From: rai...@li... [mailto:rai...@li...] On Behalf Of Mark McFarlane
Sent: zondag 27 april 2003 6:36
To: rai...@li...
Subject: RE: [Rainbowportal-devel] new security framework for rainbow

I support the concept of separate Roles and Groups.

In a Windows Authentication deployment, are there Rainbow Groups and AD groups? 2 different animals? How do they interoperate?

As an fyi - most web site admins in a large corporation will not be able to create AD groups, but they could create Rainbow Roles and add AD users and AD groups to a Rainbow role.

Mark

-----Original Message-----
From: rai...@li... [mailto:rai...@li...] On Behalf Of John M
Sent: Friday, April 25, 2003 12:58 PM
To: rai...@li...
Subject: RE: [Rainbowportal-devel] new security framework for rainbow

Hi guys,

The only thing I would say about moving everything to a separate windows service is that it would affect everyone who doesn't have their own server (On a shared host) as they won't be allowed to install a windows service.

Cheers,

John

>From: "Geert Audenaert" <gee...@sy...>
>To: "'Ender Malkoc'" <end...@ya...>, <rai...@li...>
>Subject: RE: [Rainbowportal-devel] new security framework for rainbow
>Date: Fri, 25 Apr 2003 08:25:19 +0200
>
>I have several ideas for solving performance issues.
>
>For small sites I don't see the problem as there won't be many groups and roles here.
>
>A performance problem could occur for bigger sites that use forms authentication (in case of windows authentication we just rely on the IsInRole function of the WindowsPrincipal, that's why I want a reference to the original principal in our IRainbowPrincipal). What I would suggest here is that we make our own Rainbow state service which keeps all information about security, modules and tabs (the whole rainbow object model) in memory (in a separate windows service).
>
>I wouldn't worry about Rainbow beginners. As long as the manual explains it clearly, they'll figure it out.
>
>Greetz,
>
>Geert
>
>-----Original Message-----
>From: rai...@li... [mailto:rai...@li...] On Behalf Of Ender Malkoc
>Sent: donderdag 24 april 2003 18:11
>To: rai...@li...
>Subject: RE: [Rainbowportal-devel] new security framework for rainbow
>
>I understand your point. I think for systems with many users, this can come in handy. On the other hand for Rainbow beginners this would be confusing as hell. This is particularly because roles and groups would not be distinguishable. I don't know which one is better.
>
>For the multi-hierarchy permissions (Roles can include groups which can further include other groups etc.) have you thought about performance implications?
>
>Ender
>
>--- Geert Audenaert <gee...@sy...> wrote:
> > I understand your concern Ender,
> >
> > But I don't want to replace the roles functionality. For example when using the Users & Groups from active directory, you would have to add groups to active directory to simulate the roles functionality.
> >
> > In general I would advise portal users only to give permissions to roles, and only in exceptional situations give permissions to users and groups.
> >
> > Agree?
> >
> > Greetz,
> >
> > Geert
> >
> > -----Original Message-----
> > From: rai...@li... [mailto:rai...@li...] On Behalf Of Ender Malkoc
> > Sent: donderdag 24 april 2003 16:55
> > To: rai...@li...
> > Subject: Re: [Rainbowportal-devel] new security framework for rainbow
> >
> > Well if you have group and user level permissions, you don't really need roles. I think that really complicates the matters. I would only have users and groups and be able to grant/deny permissions to them. Exactly like it is in NT.
> >
> > --- Geert Audenaert <gee...@sy...> wrote:
> > > Hi guys,
> > >
> > > On request of manu, I designed how we could work with authorization in the next versions of rainbow.
> > >
> > > I have added group support, so we have the following types of units we grant permissions to:
> > >
> > > Roles:
> > > Roles are permission sets. Normally there are a number of different roles: authors, editors, publishers, admins, etc.
> > > Roles can contain Users & Groups
> > >
> > > Groups:
> > > Groups are collections of users which have the same profile. For example in our firm these are Developers, Project Leaders, Managers, etc.
> > > Groups can contain Users & Groups
> > >
> > > Users:
> > > I don't think this needs explanation
> > >
> > > Something I want changed too, is the fact we only can grant permissions to roles. I know this is what they are intended for but, it's always very handy to be able to give access to something to a user or group.
> > >
> > > Don't worry yet how we are going to persist these things, we'll look at it once we discuss the persistence model.
> > >
> > > So if you have the time, plz take a look at it, try to understand it and shoot your questions and comments. I have attached the project in which all interfaces regarding security are put.
> > >
> > > Bye,
> > >
> > > Geert
> > >
> > > ATTACHMENT part 2 application/octet-stream name=RainbowTwo.zip
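The nested membership model discussed in this thread (roles holding users and groups, groups holding users and groups, grants to any of the three) and the performance question raised about it, as an added example that is not part of the original messages and is not Rainbow's own code. It is a language-neutral sketch in Python; the `Directory` class, the `kind:name` principal strings and the sample data are all constructed for illustration.

```python
from collections import defaultdict

class Directory:
    """Constructed model: roles and groups are containers for users and groups."""

    def __init__(self):
        self._parents = defaultdict(set)   # member -> containers listing it directly
        self._grants = defaultdict(set)    # permission -> principals granted it
        self._cache = {}                   # user -> frozenset of effective principals

    def add_member(self, container, member):
        if container.split(":", 1)[0] not in ("role", "group"):
            raise ValueError("only roles and groups contain members")
        self._parents[member].add(container)
        self._cache.clear()                # membership changed: drop stale answers

    def grant(self, permission, principal):
        self._grants[permission].add(principal)

    def effective_principals(self, user):
        """The user plus every group and role reached through nested membership."""
        if user in self._cache:
            return self._cache[user]
        seen, stack = {user}, [user]
        while stack:                       # iterative walk; 'seen' stops group cycles
            for parent in self._parents.get(stack.pop(), ()):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        self._cache[user] = frozenset(seen)
        return self._cache[user]

    def is_allowed(self, user, permission):
        granted = self._grants.get(permission, set())
        return not granted.isdisjoint(self.effective_principals(user))


def build_sample():
    d = Directory()
    d.add_member("group:developers", "user:alice")
    d.add_member("group:staff", "group:developers")   # group inside a group
    d.add_member("group:developers", "group:staff")   # accidental cycle
    d.add_member("role:editors", "group:staff")       # role holding a group
    d.add_member("role:admins", "user:bob")
    d.grant("page.edit", "role:editors")
    d.grant("site.configure", "role:admins")
    d.grant("report.view", "user:carol")              # direct grant to a user
    return d
```

The cache is cleared on every membership change so that a removed or added membership takes effect on the next check instead of being answered from a stale result.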