[Zope3-dev] Initial thoughts on the Zope3 security framework
Guido van Rossum
guido@python.org
Mon, 10 Dec 2001 13:36:02 -0500
> > [me]
> > > > OK, that makes sense -- just as there can be user folders sitting
> > > > anywhere in a tree, there can be roles defined anywhere in the tree,
> > > > and they propagate down in the same way. Right?
> >
> > [Ken]
> > > Close.
[me again]
> > This suggests I wasn't quite right (as in "close, but no cigar"), but
> > the rest of what you write doesn't explain where I was wrong.
[Ken again]
> I was trying to clarify "roles defined". I saw at least three
> alternatives: declaration of role names, role-to-permission mapping, and
> role-to-user mappings. In fact, it's the third - local roles express
> role-to-user mappings. (As i went on to say, role-to-permision mappings
> are done separately, and i also (patting myself on the back:) gave some
> examples using local roles.)
Ah, that *does* clarify things. So role names and role-to-permission
mappings are totally global and central?
> I'm sorry i didn't point more directly at the ambiguity, in the first
> place.
>
> > > joe_user account gets reviewer role within the folder. The role mappings
> > > obtain for objects contained within the folders, so the local roles apply
> > > for objects in the folder and in subfolders.
>
> > Since when can "obtain" be used intransitively? What does "X obtains"
> > mean?
>
> "holds true". I didn't quite realize this was an obscure construct (and i
> couldn't have told you what "intransitive" means without looking it
> up).
Gotcha! :-)
> Anyway, i guess i figured that the meaning of "obtain" in the more common
> construct is sufficient cue. I think my mind grasps language according to
> such cues (perhaps we have different internal strategies...)
I was actually thinking that there was a word missing from the
sentence - or that it was an example of Ken-speak. :)
I'm now assuming that "X obtains" is the same as "X can be obtained",
the way you use it here.
--Guido van Rossum (home page: http://www.python.org/~guido/)