[Zope3-dev] RFC: Unification of requests and security contexts through Use

Steve Alexander steve at z3u.com
Tue Jan 27 06:58:02 EST 2004


>>Security is related not just to principals, but also to what they are 
>>trying to do. Maybe you're allowed to draw pictures, and I'm not allowed 
>>to draw pictures, but I am allowed to watch you drawing pictures.
>>
>>So, the security policy allows your principal the "draw pictures" 
>>permission, and my principal the "watch pictures being drawn" 
>>permission. 
> 
> 
> This I understand.
> 
> 
>>Provided our use of the system is limited to you drawing and 
>>me watching, we'll be allowed to do what we're trying to do.
> 
> 
> It'd also work if you're allowed to draw too, right? The word 'limited'
> doesn't sound right.

I said above "Maybe you're allowed to draw pictures, and I'm not allowed 
to draw pictures, but I am allowed to watch you drawing pictures." What 
I should have said is "Maybe you have permission to draw pictures...". 
That is, I used "allowed" whereas I should have said "have permission to".

So, considering what I meant rather than what I said, I think the word 
"limited" makes more sense.


> Provided the system allows me drawing and you watching, we'll be allowed to
> do what we're trying to do.
> 
> Is there a single use allowing both? Is this the special thing? Otherwise I'd
> simply call it 'permission'; provided we both have the right permission.

Sure. One point of the Use is to keep track of what principals have been 
doing what things, so that the security policy can decide what is 
allowed and what is not allowed. Here's another example -- perhaps 
you're only allowed to draw pictures while I am watching you do so.

Or for a more realistic example, perhaps a child is allowed to use 
knives in the kitchen only when an adult is watching them do so.

--
Steve Alexander
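
Added example, not part of the original message and not Zope 3 code: a sketch of a policy that grants an activity only when the principal has the permission and the Use shows a qualified principal currently watching, as in the kitchen example above. The names Use, Participation, SupervisedPolicy and the principals kim, pat and lee are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Participation:
    principal: str
    activity: str
    target: str = ""   # principal being watched, if any

@dataclass
class Use:
    """Hypothetical 'Use': tracks which principals are doing what right now."""
    participations: set = field(default_factory=set)

    def begin(self, principal, activity, target=""):
        self.participations.add(Participation(principal, activity, target))

    def end(self, principal, activity, target=""):
        self.participations.discard(Participation(principal, activity, target))

class SupervisedPolicy:
    """Allow an activity only if the principal holds the permission and any
    supervision rule for it is satisfied by the current state of the Use."""
    def __init__(self, permissions, roles, supervision):
        self.permissions = permissions  # principal -> set of permitted activities
        self.roles = roles              # principal -> role
        self.supervision = supervision  # (role, activity) -> role that must watch

    def check(self, use, principal, activity):
        if activity not in self.permissions.get(principal, set()):
            return False                # no permission at all: deny
        needed = self.supervision.get((self.roles.get(principal), activity))
        if needed is None:
            return True                 # permission alone is enough
        return any(                     # permission plus a qualified watcher
            p.activity == "watch" and p.target == principal
            and p.principal != principal
            and self.roles.get(p.principal) == needed
            and "watch" in self.permissions.get(p.principal, set())
            for p in use.participations)

# Constructed sample data for the kitchen example.
POLICY = SupervisedPolicy(
    permissions={"kim": {"use_knives", "watch"}, "pat": {"use_knives", "watch"}, "lee": {"watch"}},
    roles={"kim": "child", "pat": "adult", "lee": "child"},
    supervision={("child", "use_knives"): "adult"})
```

The decision changes as participations begin and end, so a check made before the watcher leaves does not hold afterwards and has to be repeated at the point of use.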




