Tim, Denis, other database folks,

On Sat, 16 May 2015 16:46:44 +0200
Tim Bruijnzeels <[email protected]> wrote:

> > The basic idea was to allow authorisation tokens in PERSON objects,
> 
> Yes, the important point here is that the credentials are on PERSONs,
> rather than in one anonymous blob that is today's MNTNER.

Basically, I think of PERSON objects as reflecting contact information
about someone in the real world. This has nothing to do with database
administration.

ROLE objects are a handy layer of indirection so that you can
substitute a job function any place you need contact information.
Again, nothing to do with database administration.

MNTNER objects are the equivalent of a website login. They are a way to
authenticate yourself to the database as a database user. They have
nothing to do with contact information.

----

This seems pretty straightforward, but it does seem to confuse
everyone.  Possibly the confusion comes from the name? "Maintainer"
doesn't really scream "this is how I authenticate myself, and what
authorizations are attached to".

I guess I'm fine with adding new authorization mechanisms to the
database... compared to our existing mechanisms it doesn't make
anything less secure. I do worry about it increasing the confusion
rather than making things more straightforward though. :(

Cheers,

--
Shane
