[Zope3-dev] RFC: Unification of requests and security contexts through Use

Chris McDonough chrism at plope.com
Tue Jan 20 05:04:02 EST 2004


> A request (as currently in Zope 3) tells us about a single actor talking 
> to the system via one channel of communication. This does not allow us 
> to express that another actor is involved because that actor wrote some 
> code that is being executed by the first actor.

Thanks.  I've reread the proposal, and I'm still a bit fuzzy about the
verbiage with respect to multiple principals being part of the same use,
sorry.  Being able to collect all of the actors into a use doesn't seem
to imply that there is any relationship between them or between the use
and the security machinery.  How does it help to collect them all into
the use "bag" when it will apparently ultimately be the responsibility
of code outside of the use/actor/participation/principal/request
machinery to make any sense out of them?  Or is it just a convenient
place to stash them for lookups?

BTW, it doesn't help that the third bullet on the proposal wiki page
(the one that starts "In the course of processing...") is a bit
unintelligible.  What is "autoriship"?  I tried to put on my Jim
glasses, but they don't seem to be working for that paragraph. ;-)

The one piece I think I "get" is that a "use" might be modeled as a
connection, thus the security context for the duration of the connection
doesn't necessarily need to change, although there might be multiple
requests over that connection.

That said, for the most common connection-oriented protocols that
encapsulate multiple requests (e.g. keepalive HTTP), you'll probably need
to reauth after every request over that connection anyway as new
credentials can always be presented with each new request.  As a result,
I'm having difficulty visualizing a system under which this might be
useful.  Even if the credentials are presented ahead of time and it
wasn't a multirequest protocol, the entire connection could be modeled as
a single (long) request, couldn't it?

> In a way, they are all the same thing. The proposal describes taking 
> various parts of the presentation and security systems, and putting them 
> together in a box called "a use". The "use" acts as a security context, 
> and contains principals and requests.

Would it be fair to say that a use is an object with an interface that
contains, in its simplest form, a single principal object and a single
request object?  And that the use has no responsibilities other than to
contain these two objects, and to allow the addition of additional
principals (for whatever reason) to itself?

- C




