From: Ian B. <ia...@co...> - 2001-11-20 22:06:58
On Tue, 2001-11-20 at 16:27, Tavis Rudd wrote:
> > > * secure authentication mechanism that works with or without
> > > cookies
> >
> > Not included
> Does it use cookies by default? If we tied up the discussions from
> the last few weeks about this issue and chose a mechanism then this
> would be a moot point.

I meant: it doesn't do logging in or anything connected with the Web by default.

> > > * concept of both users and groups (completely separate from the
> > > OS!)
> >
> > Yes, calls them roles.
>
> Ah, but 'groups' are not the same things as 'roles'. I'm using
> 'groups' in the traditional unix sense of the term, but with the
> proviso that a group can belong to other groups. 'roles' are
> something completely different. A better term for 'roles' is
> 'actions'. In the context of web publishing, actions could include
> the following: view, edit, delete, rollback, publish, hide, etc.
>
> example: members of group X are allowed to view object Y, but not
> edit/delete/etc. it.

I'm not clear on what you are thinking. Roles (to UserKit) are things like, oh, "editor", "contributor", etc. Groups are equivalent. I think what you're thinking of for roles/actions are what I'd call permissions, or maybe capabilities -- you have distinct permissions to edit object X, view object X, etc.

> > I think permissions should be considered something of a different
> > issue -- ACLs being traditional at this point, but not always
> > appropriate. They are closely tied to the system's notion of an
> > object and the granularity of permissions.
>
> Permissions (aka authorization) are a layer on top of the
> authentication system, so maybe we should start there. I did a
> whole bunch of this stuff (several thousand lines) in PHP before I
> got sick of it and moved to Python. I'll see if I still have it
> sitting around somewhere.

Well, we can start with authentication if it means we just use UserKit, because using code that exists is very easy :) It's not at all clear to me, now, what an object is in Webware, with respect to permissions -- obviously not every object is going to have permission information. Not every object is viewable. Zope has a very clear notion of what objects are, but then some of what falls out of that is what I didn't like about it.

Ian
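
The model debated in this thread (users, groups that can belong to other groups, and per-object actions such as view/edit/delete), as an added Python example that is not part of the original message and is not UserKit or Webware code. Every name and all sample data below are constructed for illustration; objects with no permission information are denied by default.

```python
from typing import Dict, Set, Tuple

# Constructed sample data (hypothetical names, not a UserKit/Webware API).
# user -> groups the user is a direct member of
USER_GROUPS: Dict[str, Set[str]] = {
    "alice": {"interns"},
    "bob": {"editors"},
}
# group -> groups it belongs to ("a group can belong to other groups").
# The everyone -> interns edge is a deliberate cycle to exercise the guard.
GROUP_PARENTS: Dict[str, Set[str]] = {
    "interns": {"staff"},
    "staff": {"everyone"},
    "everyone": {"interns"},
}
# (group, object) -> actions granted on that object.
# Object "Z" has no entry at all: it carries no permission information.
GRANTS: Dict[Tuple[str, str], Set[str]] = {
    ("staff", "Y"): {"view"},
    ("editors", "Y"): {"view", "edit", "delete"},
}


def effective_groups(user: str) -> Set[str]:
    """Return every group the user belongs to, directly or through nesting."""
    seen: Set[str] = set()
    stack = list(USER_GROUPS.get(user, ()))
    while stack:
        group = stack.pop()
        if group in seen:  # already expanded; also stops membership cycles
            continue
        seen.add(group)
        stack.extend(GROUP_PARENTS.get(group, ()))
    return seen


def is_allowed(user: str, action: str, obj: str) -> bool:
    """Authorization layered on top of authentication: `user` is assumed to
    be already authenticated. Default deny when no grant matches."""
    return any(
        action in GRANTS.get((group, obj), ())
        for group in effective_groups(user)
    )


if __name__ == "__main__":
    for who, act, obj in [("alice", "view", "Y"), ("alice", "edit", "Y"),
                          ("bob", "delete", "Y"), ("bob", "view", "Z")]:
        print(who, act, obj, "->", is_allowed(who, act, obj))
```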