[Zope3-dev] RFC: Unification of requests and security contexts through Use

Jim Fulton jim at zope.com
Sat Jan 17 10:38:33 EST 2004


Phillip J. Eby wrote:
> At 03:50 PM 1/16/04 -0500, Jim Fulton wrote:
> 
>> Yesterday, Steve and I came up with some ideas for:
>>
>>   - Improving the management of security contexts
>>
>>   - Conceptually unifying security and presentation.  This isn't 
>> something
>>     we set out to do, but rather something that became apparent in our 
>> discussions.
>>
>> See:
>>
>>
>> http://dev.zope.org/Zope3/UnificationOfRequestsAndSecurityContextsThroughUse 
>>
>>
>> In explaining this to some folks here at ZC, there was quite a bit of 
>> discussion
>> about terminology.  The most controversal aspect of which was the 
>> continued use
>> of "request" as a name for an actor's participation, at least in a 
>> browser context.
>>
>> I'd be interested in heraring what people think about this. :)
> 
> 
> I'm having trouble understanding what the "use" part is for.  It seems 
> like it's just a collection of actors, and it's not clear how an actor 
> is different from a principal, except that it has a participation.  And 
> if that's the case, why not just have the interaction reference the 
> principal directly?
> 
> Hm.  I just used "interaction" instead of participation. 

Hm, I though you used "interaction" instead of "use". IMO, the idea is to
capture the interaction of one or more actors with the system.  "Interaction"
is the word I used before Steve suggested "use".

Currently, the use is primarily a collection of actors.  I think that this provides
sufficient value, but I think that the concept is a bit bigger than than and
I think, at least in some applications, the use objects will be more than just
collections of actors.  For example, they might manage additional information,
like the location of activity (in Zope) or auditing information, such as information
about when actors joined and left the use.

The participation is important because we often care about the way actors interact
with the system. For example, wrt security, we might treat an actor that participates
via HTTP differently than an actor that participates vie HTTPS, or CORBA or an actor
that participates via code authorship.

This is a rather broad idea that might be applied differently for different
applications.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org




More information about the Zope3-dev mailing list