[Zope-PTK] PROPOSAL: A Confidence Mechanism in UserRoleManagement
Chip Vanek
chip@upcast.com
Sat, 12 Feb 2000 15:07:23 -0800
>-----Original Message-----
>From: ucntcme@libc.org [mailto:ucntcme@libc.org]On Behalf Of Bill
>Anderson
>Sent: Saturday, February 12, 2000 1:28 PM
>To: Chip Vanek; zope-ptk@zope.org
>Subject: Re: [Zope-PTK] PROPOSAL: A Confidence Mechanism in
>UserRoleManagement
>
>
>Chip Vanek wrote:
>...
>> >My point was you are asking about an application level
>> >instantiation of some
>> >security model at this point. We are discussing the model itself.
>> >
>>
>> The interplay between local roles and Zope security is still not
>> "self revealing" to me yet. I hope to clear up my mental fog soon...
>
>Rmember when Disneyland had different kinds of tickets fo rdifferent
>rides? TO me, the Zope Roles/Users setup is like that. When the user
>logs in, s/he gets a ticket(role), or a set of tickets(roles).
>When s/he
>goes to 'ride a ride' (use a db method, view a page, etc..), Zope looks
>to make sure s/he has the right ticket.
>
>And Zope has a helluva lot more rides then DL. ;^)
Hey, That description really helped! How did you know my mind
needs examples from childhood. Thanks for the clear mental
map.
>
>> >> Sharing credentials between sites is likely a pipe dream so
>> >> ignore that crud.
>> >
>> >This is simply a technical restriction of the current system.
>> >If you use
>> >PKI-style client certificates then you already do share
>"credentials,"
>> >however there is a pretty heavy cost to doing so.
>> >
>>
>> It is cost of using ful scale PKI that I am trying to avoid. I spend
>> 3 years fighting to get a full PKI infrastructure in place inside
>> Hewlett-Packard and still feel the scars. They now have over 50k
>> certificates and a CA linked to a master directory or all 125k users
>> but, I no longer have any love for a corporate IT job.
>
>AHA! So _YOU'RE_ the one to blame!! ;^)
>
>
Sorry ;( We all need work. I have matured since then...
Best,
Chip
>
>--
>In flying I have learned that carelessness and overconfidence are
>usually far more dangerous than deliberately accepted risks.
> -- Wilbur Wright in a letter to his father, September 1900
>