[Zope-dev] ComponentArchitecture thoughts

Michael R. Bernstein webmaven@lvcm.com
04 Aug 2001 12:08:59 -0700


On 04 Aug 2001 11:48:49 -0700, Michel Pelletier wrote:
>
> Tim McLaughlin wrote:
> > 
> > 2.  Simplify the security model more, if possible :)  I know, it's been
> > done, but it's still not easy.
> 
> On the side, keep in mind that the component model will simplify
> security for the developer quite a bit.  By cleanly separating
> presentation from application from content, you can assess the security
> needs for each layer independently.  Right now, different methods that
> you want to protect under different policies are all mushed into one
> class, which is why you *need* to be very verbose with security now. 
> Decomposing that will let you secure your components in bite sized
> chunks.

Michel,

Do you (or Jim) see this aspect of the component architecture solving
the issues that I'm trying to deal with in my SecurityJihad proposal?

Myself, I'm less concerned with 'mushing' the security in one class,
than I am with having to jump though various hoops to get what is
supposed to be the default behaviour as described in the developer
guide.

Michael Bernstein.

P.S. for those of you who haven't seen it yet, the proposal is at
http://dev.zope.org/Wikis/DevSite/Proposals/SecurityJihad , comments
welcome.