[BlueBream] Document default security policy
Justin Ryan
justin.ryan at reliefgarden.org
Wed Jul 28 15:14:07 EDT 2010
On Wed, Jul 28, 2010 at 11:50 AM, Justin Ryan wrote:
> I've spent a lot of energy in this space recently, trying to combine wisdom
> from Philipp and Stephan's books, Grok docs, etc..
>
> There definitely seems to be conventional wisdom not well expressed, and
> I'd like to change that.
>
> I'm working on a simple addon which, when included properly into a default
> BlueBream paster template, sets up pau and complements the default security
> policy well, but I'd also like to contribute some documentation helping to
> centralize the tomes of info i picked through to do what is really very
> simple.
>
> And I have a rich understanding of principals, roles, permissions..
>
>
> On Wed, Jul 28, 2010 at 12:59 AM, Baiju M <baiju.m.mail at gmail.com> wrote:
>
>> Hi All,
>> I think one of the important missing document is
>> about the default security policy in BB.
>>
>> We are defining security policy in the "securitypolicy.zcml" file.
>> By default this file resides inside the project source
>> directory. For example, if the project name is "tc.main",
>> the security configuration file will be in this path:
>> "src/tc/main/securitypolicy.zcml"
>> The security policy configuration file is included from
>> the main "configure.zcml" which is residing in the
>> same directory.
>>
>> We need to explain:-
>>
>> - What is security policy ?
>> - A brief overview of Principal/Role/Permission concepts
>> used in the default security policy.
>> - A brief overview of the default security policy and its intent.
>> We should mention that what is given there in "securitypolicy.zcml"
>> is a sample file, which is recommended to change.
>> In fact we have already have comment like this at the
>> beginning of that file:
>> <!-- This file contains sample security policy definition -->
>> - Explain each ZCML directives related to security policy
>> (securityPolicy, unauthenticatedPrincipal, unauthenticatedGroup
>> authenticatedGroup, everybodyGroup, role, grant, principal)
>> - Brief overview of each definition in the file (securitypolicy.zcml)
>> May be this can be combined with the previous part.
>> - Explain how to add new permissions, roles
>> Reccomentation for naming ID -- there should be "." character
>> in the ID -- URL can be used as ID but not commonly used.
>> - Mention that HTTP basic authentication will be used by
>> default (how it is coming ?) -- mention the other chapted
>> about PAU (which is yet to be created)
>>
>> Now I think, this chapter can be named as "Basic Security"
>> and incorporate content from here:
>> http://wiki.zope.org/bluebream/BasicSecurity
>> (Based on Stephan Richter's book)
>> Or we can have a chapter on BasicSecurity and
>> documentation about default security policy
>> could be another chapter.
>>
>> May be we can include a *sidebar* about security framework
>> used to build the BB security - Checkers, Proxies etc.
>> (http://pypi.python.org/pypi/zope.security)
>>
>> We should have a separate chapter on PAU.
>> And it should be mentioned from here as the
>> next step. We need think more about
>> this chapter :)
>>
>> If anyone want to work on this introductory chapter on
>> BB security, please let me know.
>>
>> Please suggest if any other topic need to be covered.
>>
>> BTW, I have added a ticket for this:
>> http://wiki.zope.org/bluebream/14DefaultSecurityPolicy
>>
>> Regards,
>> Baiju M
>> _______________________________________________
>> bluebream mailing list
>> bluebream at zope.org
>> https://mail.zope.org/mailman/listinfo/bluebream
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/bluebream/attachments/20100728/bdb43b55/attachment.html
More information about the bluebream
mailing list