On Wed, Jul 28, 2010 at 11:50 AM, Justin Ryan wrote:
> I've spent a lot of energy in this space recently, trying to combine wisdom
> from Philipp and Stephan's books, Grok docs, etc.
>
> There definitely seems to be conventional wisdom not well expressed, and
> I'd like to change that.
>
> I'm working on a simple addon which, when included properly into a default
> BlueBream paster template, sets up pau and complements the default security
> policy well, but I'd also like to contribute some documentation helping to
> centralize the tomes of info I picked through to do what is really very
> simple.
>
> And I have a rich understanding of principals, roles, permissions.
>
>
> On Wed, Jul 28, 2010 at 12:59 AM, Baiju M <[email protected]> wrote:
>
>> Hi All,
>> I think one of the important missing documents is
>> about the default security policy in BB.
>>
>> We are defining security policy in the "securitypolicy.zcml" file.
>> By default this file resides inside the project source
>> directory. For example, if the project name is "tc.main",
>> the security configuration file will be in this path:
>> "src/tc/main/securitypolicy.zcml"
>> The security policy configuration file is included from
>> the main "configure.zcml" which is residing in the
>> same directory.
>>
>> We need to explain:-
>>
>> - What is security policy?
>> - A brief overview of Principal/Role/Permission concepts
>>   used in the default security policy.
>> - A brief overview of the default security policy and its intent.
>>   We should mention that what is given there in "securitypolicy.zcml"
>>   is a sample file, which is recommended to change.
>>   In fact we already have a comment like this at the
>>   beginning of that file:
>>   <!-- This file contains sample security policy definition -->
>> - Explain each ZCML directive related to security policy
>>   (securityPolicy, unauthenticatedPrincipal, unauthenticatedGroup
>>   authenticatedGroup, everybodyGroup, role, grant, principal)
>> - Brief overview of each definition in the file (securitypolicy.zcml)
>>   Maybe this can be combined with the previous part.
>> - Explain how to add new permissions, roles
>>   Recommendation for naming ID -- there should be "." character
>>   in the ID -- URL can be used as ID but not commonly used.
>> - Mention that HTTP basic authentication will be used by
>>   default (how it is coming?) -- mention the other chapter
>>   about PAU (which is yet to be created)
>>
>> Now I think, this chapter can be named as "Basic Security"
>> and incorporate content from here:
>> http://wiki.zope.org/bluebream/BasicSecurity
>> (Based on Stephan Richter's book)
>> Or we can have a chapter on BasicSecurity and
>> documentation about default security policy
>> could be another chapter.
>>
>> Maybe we can include a *sidebar* about security framework
>> used to build the BB security - Checkers, Proxies etc.
>> (http://pypi.python.org/pypi/zope.security)
>>
>> We should have a separate chapter on PAU.
>> And it should be mentioned from here as the
>> next step. We need to think more about
>> this chapter :)
>>
>> If anyone wants to work on this introductory chapter on
>> BB security, please let me know.
>>
>> Please suggest if any other topic needs to be covered.
>>
>> BTW, I have added a ticket for this:
>> http://wiki.zope.org/bluebream/14DefaultSecurityPolicy
>>
>> Regards,
>> Baiju M
>> _______________________________________________
>> bluebream mailing list
>> [email protected]
>> https://mail.zope.org/mailman/listinfo/bluebream
