Hi Anthony: Here's a Zen 0.2 answer:
Can someone give a 1-para description of proxy roles? The ZMG mentions them, but not what they are, or do. My guess is that it's like a Unix setuid program - anyone viewing the document gets the changed permissions, for the purpose of loading other objects into that object...
Your guess is correct. Often access to some content is contingent on registering, logging in, viewing a prerequisite page, etc.. A good example is using proxy roles to restrict access to downloadable files (e.g., software) to those that have "logged in" or registered on a previous page. Alternatively, you'd have to do a LOT of work managing the security on the target object (e.g., the .tgz file) through DTML scripting.
On a related note - could a search engine be added to the Zope Documentation area of the site? Please? :)
The whirring (grinding?) sound you may hear is us thinking/working to address this... --Rob