[Zope-PTK] PROPOSAL: A Confidence Mechanism in UserRoleManagement

Bill Anderson bill.anderson@libc.org
Sat, 12 Feb 2000 14:27:57 -0700


Chip Vanek wrote:
...
> >My point was you are asking about an application level
> >instantiation of some
> >security model at this point. We are discussing the model itself.
> >
> 
> The interplay between local roles and Zope security is still not
> "self revealing" to me yet.  I hope to clear up my mental fog soon...

Remember when Disneyland had different kinds of tickets for different
rides? To me, the Zope Roles/Users setup is like that. When the user
logs in, s/he gets a ticket(role), or a set of tickets(roles). When s/he
goes to 'ride a ride' (use a db method, view a page, etc..), Zope looks
to make sure s/he has the right ticket.

And Zope has a helluva lot more rides than DL. ;^)

> >> Sharing credentials between sites is likely a pipe dream so
> >> ignore that crud.
> >
> >This is simply a technical restriction of the current system.
> >If you use
> >PKI-style client certificates then you already do share "credentials,"
> >however there is a pretty heavy cost to doing so.
> >
> 
> It is the cost of using full-scale PKI that I am trying to avoid.  I spent
> 3 years fighting to get a full PKI infrastructure in place inside
> Hewlett-Packard and still feel the scars.  They now have over 50k
> certificates and a CA linked to a master directory of all 125k users
> but, I no longer have any love for a corporate IT job.

AHA! So _YOU'RE_ the one to blame!! ;^)



-- 
In flying I have learned that carelessness and overconfidence are 
usually far more dangerous than deliberately accepted risks. 
          -- Wilbur Wright in a letter to his father, September 1900