[Zope3-dev] Re: Security Model

Jim Fulton jim at zope.com
Wed Jan 7 06:23:06 EST 2004 

Florent Guillaume wrote:
> Jim wrote wrote:
> 
>>I'll just note that an upcoming project will be to refactor the
>>authorization system in a way that should make it much more obvious
>>how to implement the sorts of systems sketched out in this thread.
>>
>>This is a possible project for the F12g sprint in January.
>>
>>As a matter of jargon, I see Zope 3's security system as consisting
>>of 4 parts.
>>
>>1. A system for declaring the permissions needed to access
>>    names in objects or classes of objects. I don't have a good name
>>    for this. (Security requirements? Permission requirements?)
>>
>>2. A system for enforcing permission requirements. This is implemented
>>    via security proxies.  In the future, it may involve a combination of
>>    security proxies and code manipulation.  I think a good name for
>>    this might be the protection system.
>>
>>    This system is somewhat pluggable through checker components, which are
>>    used to define the actual rules used by security proxies.
>>
>>3. A system for assigning principals to requests. This is the authentication
>>    system.  It is pluggable through the provision of authentication services.
>>
>>4. A system for deciding whether principals have permissions.  This is
>>    the authorization system.  It is pluggable through the provision of
>>    a security proxy and associated infrastructure (registered components)
>>    to manage authrization data. Different security policies will require
>>    different data, depending on the underlying model.
> 
> 
> In PluggableUserFolder we have found it important to separate
> authentication in two phases that may be treated by different pluggins:
> 
>    * Identification: The way the client tells the server who the
>      user is. When it comes to web, this is typically methods like
>      Basic HTTP Authentication, Cookies or SSL Certificates.
> 
>    * Authentication: Making sure the user is who he/she is. This typically
>      involves looking up the user in a user database and validating the users
>      password.

This is handled in the pluggable auth service by dividing this responsibility
between two components:

- A principal source is responsible for storing principal identifications
   and data needed for authentications, and for determining the aithenticated
   principal, if any, based on credentials (e.g. passwords) extracted from a request.

- A view on a pricipal source (multi-adapter from principal source and request) that
   extracts the credentials from the request.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope3-dev mailing list