Just to add to what Nando mentioned. Once you understand how the
"keyring" works, you will at some point need to structure your DB to allow for
the key ring concept to be stored. I would toss in looking at Joe Celko's nested
set model. You get into the concepts of users, roles, and permissions, where the
permissions can be represented by a "key" for your key ring, then boolean values
to denote whether it is on or off. Just a little added note to the conversation
:-)
Michael T. Tangorre
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nando
Sent: Friday, January 21, 2005 10:07 AM
To: [email protected]
Subject: RE: [CFCDev] OO Security

I really like Hal's conceptual model of permissions. He has an article on his site, I believe, that presents it in terms of a set of keys. Whatever their role, users are either given a key or not to use a function in the application.

What that becomes then is a PermissionKey set of boolean values, or a KeyRing. So rather than the abstract concept Security ... KeyRing is a more solid concept to start building an OO model from.

I use this conceptual model and I really like it. Keys can be added or removed very easily from the system. And it's very flexible. A user can be assigned a permission that would be out of the ordinary for their role - and as Hal points out in his article, that tends to happen in real life scenarios fairly often.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Chastain
Sent: Friday, January 21, 2005 3:29 PM
To: [email protected]
Subject: [CFCDev] OO Security

How does one go about building a security framework using an object oriented approach? The question I am getting at is that 'security' is not an object in the same sense that a user or a document is an object.

So, does a user object have an authenticate method that accepts a username and password? Something about this does not seem right.

Along the same lines, does a document object have an authorize method that accepts a user or group to determine if they have access?

So, how does one handle security using an object oriented approach?

Thanks
-- Jeff

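The two ideas in this thread (Nando's KeyRing of boolean permission keys, and Michael's suggestion of storing roles with Joe Celko's nested set model so the ring can be persisted) fit together in a small worked example. The code below is an added illustration written for this page, not code from Hal, Nando, Michael, or any CFC framework they use; the schema, table and key names (role, perm_key, role_key, app_user, user_key, document.read and so on) and the sample users are all constructed for the example. It uses Python's stdlib sqlite3 so the nested-set query can be shown as real SQL. A role inherits every key on the ring of its ancestor roles (nested-set containment on lft/rgt), and a per-user override row can hand a user a key their role lacks, or take one away, which is the "out of the ordinary" case Nando mentions.

```python
"""KeyRing permissions backed by a nested-set role tree (example, sqlite3)."""
import sqlite3

# Constructed sample schema for this example. Roles form a tree stored as a
# Celko nested set: a role's ancestors are the rows whose [lft, rgt] interval
# contains its own. role_key rows mean "this key is on that role's ring";
# user_key rows are per-user overrides with an explicit on/off boolean.
SCHEMA = """
CREATE TABLE role (
    id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
    lft INTEGER NOT NULL, rgt INTEGER NOT NULL);
CREATE TABLE perm_key (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE role_key (role_id INTEGER NOT NULL, key_id INTEGER NOT NULL,
    PRIMARY KEY (role_id, key_id));
CREATE TABLE app_user (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
    role_id INTEGER NOT NULL REFERENCES role(id));
CREATE TABLE user_key (user_id INTEGER NOT NULL, key_id INTEGER NOT NULL,
    enabled INTEGER NOT NULL CHECK (enabled IN (0, 1)),
    PRIMARY KEY (user_id, key_id));
"""

# Constructed sample data: staff > { editor > admin, viewer }
ROLES = [(1, "staff", 1, 8), (2, "editor", 2, 5), (3, "admin", 3, 4), (4, "viewer", 6, 7)]
KEYS = [(1, "document.read"), (2, "document.edit"), (3, "document.delete"), (4, "user.manage")]
ROLE_KEYS = [(1, 1), (2, 2), (3, 3), (3, 4)]  # staff:read, editor:edit, admin:delete+manage
USERS = [(1, "alice", 2), (2, "bob", 4), (3, "carol", 3)]
USER_KEYS = [(2, 2, 1),   # bob (viewer) is handed document.edit outside his role
             (3, 4, 0)]   # carol (admin) has user.manage taken off her ring


def open_db():
    """Build an in-memory database holding the sample data above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO role VALUES (?,?,?,?)", ROLES)
    conn.executemany("INSERT INTO perm_key VALUES (?,?)", KEYS)
    conn.executemany("INSERT INTO role_key VALUES (?,?)", ROLE_KEYS)
    conn.executemany("INSERT INTO app_user VALUES (?,?,?)", USERS)
    conn.executemany("INSERT INTO user_key VALUES (?,?,?)", USER_KEYS)
    return conn


def keyring(conn, username):
    """Return the user's KeyRing: {key_name: bool} over every known key.

    Every key starts off; an unknown user therefore gets an all-off ring
    (fail closed) rather than an exception the caller might swallow.
    """
    ring = {name: False for (_, name) in conn.execute("SELECT id, name FROM perm_key")}
    # Keys on the ring of the user's role and of every ancestor role.
    # Nested-set containment: ancestor.lft <= role.lft AND ancestor.rgt >= role.rgt
    for (name,) in conn.execute("""
            SELECT k.name FROM app_user u
            JOIN role r      ON r.id = u.role_id
            JOIN role anc    ON anc.lft <= r.lft AND anc.rgt >= r.rgt
            JOIN role_key rk ON rk.role_id = anc.id
            JOIN perm_key k  ON k.id = rk.key_id
            WHERE u.name = ?""", (username,)):
        ring[name] = True
    # Per-user overrides are applied last so they win over the role.
    for name, enabled in conn.execute("""
            SELECT k.name, uk.enabled FROM app_user u
            JOIN user_key uk ON uk.user_id = u.id
            JOIN perm_key k  ON k.id = uk.key_id
            WHERE u.name = ?""", (username,)):
        ring[name] = bool(enabled)
    return ring


def has_key(ring, key_name):
    """A key the system does not know about is treated as not held."""
    return ring.get(key_name, False)


def delete_document(ring, doc_id):
    """A function guarded by a single key, the way Hal's model intends."""
    if not has_key(ring, "document.delete"):
        raise PermissionError(f"document.delete key required to delete {doc_id}")
    return f"deleted {doc_id}"


if __name__ == "__main__":
    db = open_db()
    for user in ("alice", "bob", "carol", "nobody"):
        print(user, keyring(db, user))
```

The check at the call site never asks "is this user an admin?"; it asks for one named key, so adding a new function means adding one key row and putting it on the rings that need it, and a one-off grant or revocation is a single user_key row rather than a new role. Keep the override table small and audited, since it is exactly where privilege creeps in.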