[Zope3-checkins] CVS: Zope3/doc/security - background.rst:1.3
Christian Theune
ct@gocept.com
Mon, 17 Mar 2003 15:52:40 -0500
Update of /cvs-repository/Zope3/doc/security
In directory cvs.zope.org:/tmp/cvs-serv28140
Modified Files:
background.rst
Log Message:
tried some first steps.
@SteveA, please review my little changes and tell me if that's what you want.
=== Zope3/doc/security/background.rst 1.2 => 1.3 ===
--- Zope3/doc/security/background.rst:1.2 Fri Mar 7 10:06:26 2003
+++ Zope3/doc/security/background.rst Mon Mar 17 15:52:40 2003
@@ -19,7 +19,13 @@
1a. "Zope" is available in several different versions. In this document,
we are concerned only with Zope version 3X.x.x and Zope version 3.x.x.
- TODO: briefly explain Zope 3X and Zope 3.
+1b. "Zope 3X" is the preliminary version of Zope 3. It is built from the ground
+ up, paying attention to the lessons learned from Zope 2 and CMF. It is not a
+ product but intended to let developers get familiar with the new architecture
+ early.
+
+1c. "Zope 3" is the mainline release intended for production use and including
+ backwards compatibility to Zope 2.
2. Python is an object-oriented language suitable both for writing stand-alone
scripts and for large-scale software projects. It is implemented in C,
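Review bot: in 1b, "It is not a product" is ambiguous next to 1c's "intended for production use"; say directly that Zope 3X is not intended for production use. In 1c, "backwards compatibility to Zope 2" should read "backwards compatibility with Zope 2". Because this is the security background document, 1c should also say what that compatibility covers, since the sentence as written gives no scope.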
@@ -42,10 +48,6 @@
calls within zope occur in-process. There's no CORBA or DCOM style
server sitting around waiting for calls. (XXX rewrite this.)
-x. "Publishing" is the process where, upon receiving a request from a client,
- Zope renders a view on an object and returns this to the client.
- For HTTP and FTP, the response takes the form of a sequence of bytes.
-
5. A Python object is a building-block of a software system. An object
has a set of attributes, identified by name. An attribute represents
either a piece of data (that is, another object), or a function or
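Review bot: removing the "x." item here leaves "Publishing" undefined until item 10 in the Publishing section, so any item from 5 onward that uses the term now comes before its definition. Check those items for uses of "publishing" and either add a forward pointer to item 10 or keep a one-line definition at this position. The context line above still carries "(XXX rewrite this.)", which could be resolved in the same pass.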
@@ -79,7 +81,27 @@
Publishing
----------
- write more here about the publication process
+10. "Publishing" is the process where, upon receiving a request from a client,
+ Zope renders a view on an object and returns this to the client.
+ For HTTP and FTP, the response takes the form of a sequence of bytes.
+
+10a. To actually publish an object several steps need to be taken. First the
+ incoming request needs to be transformed into a standard data structure
+ independent of the actual protocol used. Using the information from the
+ request we can associate a principal responsible for it and identify the
+ requested object using a mechanism called "traversal".
+ Before responding to the request and actually retrieving data from the
+ object, the object is wrapped with a security proxy that intermediates
+ access to the object using the security management APIs.
+
+
+ security
+ assertions are applied paying respect to the parameters of the principal
+ and the object and his context. After retrieving information from the
+ object the result needs to be
+
+
+ form the requests
convert URL into a sequence of path segments
traverse from the root to the next object based on the first path segment.
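Review bot: item 10a is committed with unfinished text after its first paragraph: the block starting "security / assertions are applied" begins mid-sentence, "the result needs to be" has no ending, and "form the requests" is a stray fragment. Either complete these sentences or leave them out until they are written, since a security background document with half-stated rules about when assertions apply is easy to misread. In the finished part, "the object and his context" should be "its context". The text should also say whether the security proxy is applied to every object reached during traversal or only to the final published object, and where the principal is associated relative to traversal, because the current wording ("Before responding to the request and actually retrieving data from the object") leaves both open.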