Is anyone currently working on enhancing Zope's security model?

Traditional web servers have horrible security models for the application designer. They leave almost all the security work to be done by the application itself. With Zope abstracting all access into a nice object oriented fashion, much more powerful models are possible. What you guys have done with users, permissions and roles is already far ahead of other web servers. I am interested in taking it a step further to remove even more security code that currently resides in dtml scripts.

My vision is to provide the following capabilities.

Provide for positive and negative authorizations.
 * We may want to give a role Employees access to a method, but not if the user is also in the role Bad Boys.

Provide for resolution rules for when positive and negative authorization conflict.
 * (e.g. lower in the object hierarchy overrides inherited auths, negative overrides positive, order dependent)

Allow time restrictions on user/role associations or method/role associations (duration or cyclical restrictions)
 * This would allow you to say Joe is a Manager from June 1 to June 30th.
 * This would allow you to say the Pay Payroll method can only be run on Fridays.
 * This is useful in that you don't have to remember to remove Joe from the role. It also helps when looking at audit logs you can see that he was authorized to perform those functions during that time.

Allow actions to be associated with an authorization event.
 * on success (e.g. write audit entry in log)
 * on failure (e.g. write audit entry in log and call routine that checks for excessive failures and pages sys admin if over the threshold, send email)

Allow expressions that include object values to play in the authorization decision.
 * Given an expense voucher (EV) object, a 1st Level Manager can 'sign' (an EV method) if the EV.amount is less than $2500 and the EV.author is not the AUTHENTICATED_USER.

What do people think? Does this functionality sound useful? Do certain features call louder than others?

I believe these features will make Zope MUCH more attractive for developing intranet applications, which typically have much more complex security requirements than public web sites do.

I realize that most if not all of these features can be accomplished by coding in dtml. I would like to see much of that abstracted out into the security interface so that security policies can be more easily changed.

I also realize that besides implementation, there is also the problem of coming up with a reasonable user interface that does not swamp the average person with possibilities. Good default behavior is necessary, with the full complexity of options only showing if the application designer asks for it.

I've started familiarizing myself with the source code but have a ways to go. Obviously I would be making lots of changes in the access control directory, but it looks like a lot of the security framework is also embedded into the Zope objects like Folder and Document Objects. Any tips on code to pay special attention to or code that I can safely ignore would be greatly appreciated.

Thanks in advance for any comments.

David Jacobs
MITRE Corporation
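
A minimal sketch of the decision logic proposed in the post above, added here as an illustration; it is not Zope code and not the author's. Every class, function and variable name is hypothetical, the year in the dates is constructed, the post's "1st Level Manager" is shortened to "Manager", and the sketch assumes one of the listed resolution rules (negative overrides positive) with default deny.

```python
# Added illustration: none of these names are Zope APIs.
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

@dataclass
class RoleGrant:
    """User/role association with an optional validity window."""
    user: str
    role: str
    start: Optional[date] = None
    end: Optional[date] = None

    def active(self, today: date) -> bool:
        return ((self.start is None or self.start <= today)
                and (self.end is None or today <= self.end))

@dataclass
class Rule:
    """Positive (allow=True) or negative (allow=False) authorization."""
    role: str
    method: str
    allow: bool
    # Expression over the user and the target object's values.
    condition: Callable = lambda user, obj: True

def authorize(user, method, obj, today, grants, rules, audit):
    # Only role grants whose time window covers 'today' count.
    roles = {g.role for g in grants if g.user == user and g.active(today)}
    matched = [r for r in rules if r.method == method and r.role in roles
               and r.condition(user, obj)]
    # Assumed resolution rule: any negative match wins; no match means deny.
    allowed = bool(matched) and all(r.allow for r in matched)
    # Authorization event action: audit entry on both success and failure.
    audit.append((today.isoformat(), user, method, "ALLOW" if allowed else "DENY"))
    return allowed

# Constructed sample policy mirroring the examples in the post.
GRANTS = [
    RoleGrant("joe", "Manager", date(2024, 6, 1), date(2024, 6, 30)),
    RoleGrant("ann", "Employees"),
    RoleGrant("bob", "Employees"),
    RoleGrant("bob", "Bad Boys"),
]
RULES = [
    Rule("Employees", "view_handbook", True),
    Rule("Bad Boys", "view_handbook", False),
    Rule("Manager", "sign", True,
         lambda user, ev: ev["amount"] < 2500 and ev["author"] != user),
]
```

Because the audit entry records the date of each decision, a log reader can see that a time-limited role was in force when the action was allowed.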