Nando, do you happen to have any examples of this that you could post up or email to me? I’ve read Hal’s article but I’d be interested to see a working version of it.

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nando
Sent: Friday, January 21, 2005 10:07 AM
To: [email protected]
Subject: RE: [CFCDev] OO Security

 

I really like Hal's conceptual model of permissions. He has an article on his site, I believe, that presents it in terms of a set of keys. Whatever their role, users are either given a key or not to use a function in the application.

What that becomes then is a PermissionKey set of boolean values, or a KeyRing. So rather than the abstract concept Security ... KeyRing is a more solid concept to start building an OO model from.

I use this conceptual model and I really like it. Keys can be added or removed very easily from the system. And it's very flexible. A user can be assigned a permission that would be out of the ordinary for their role - and as Hal points out in his article, that tends to happen in real life scenarios fairly often.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jeff Chastain
Sent: Friday, January 21, 2005 3:29 PM
To: [email protected]
Subject: [CFCDev] OO Security

How does one go about building a security framework using an object oriented approach?  The question I am getting at is that 'security' is not an object in the same sense that a user or a document is an object.

So, does a user object have an authenticate method that accepts a username and password?  Something about this does not seem right.

Along the same lines, does a document object have an authorize method that accepts a user or group to determine if they have access?

So, how does one handle security using an object oriented approach?

 

Thanks

-- Jeff
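
A sketch of the key-ring model described in this thread, added here as an illustration; it is not code from Hal's article or from any poster. It is written in Python rather than as a CFC, and the key names, role defaults, class names and the rule that a revocation outranks a grant are all assumptions.

```python
# Constructed key names and role defaults, for illustration only.
ALL_KEYS = frozenset({"document.read", "document.edit",
                      "document.delete", "user.manage"})
ROLE_KEYS = {
    "reader": {"document.read"},
    "editor": {"document.read", "document.edit"},
    "admin": set(ALL_KEYS),
}


class PermissionDenied(Exception):
    pass


class KeyRing:
    """A user's permission keys: role defaults plus per-user exceptions."""

    def __init__(self, role, extra=(), revoked=()):
        if role not in ROLE_KEYS:
            raise ValueError(f"unknown role: {role}")
        unknown = (set(extra) | set(revoked)) - ALL_KEYS
        if unknown:
            # Reject typos up front so a misspelt key is never silently granted.
            raise ValueError(f"unknown keys: {sorted(unknown)}")
        # Assumption: a revocation wins over a role default or an extra grant.
        self._keys = frozenset((ROLE_KEYS[role] | set(extra)) - set(revoked))

    def has_key(self, key):
        # Default deny: a key that is not on the ring is simply absent.
        return key in self._keys


class User:
    def __init__(self, name, key_ring):
        self.name = name
        self.key_ring = key_ring


class Document:
    def __init__(self, title):
        self.title = title

    def delete(self, user):
        # The operation names the key it needs; it never inspects the role.
        if not user.key_ring.has_key("document.delete"):
            raise PermissionDenied(f"{user.name} lacks document.delete")
        return f"{self.title} deleted"
```

Because `Document.delete` asks only whether the key is on the ring, giving one editor an out-of-role permission is a change to that user's `KeyRing`, not to the document or the role definitions.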
