There was some discussion on irc about the security model so I wrote up this description for review by everyone.
http://docs.codehaus.org/display/CONTINUUM/Straight+Role+Based+Access+Control

It doesn't have implementation details in it; it is just an attempt at drawing together the different concepts we have been talking about together so we can agree on 'what we want' and then we can focus on 'how to do it'.

Personally, I think this basic idea could go into plexus (if it isn't already there with jason's rbac stuff) pretty smoothly and then have different implementations like carlo's acegi stuff... but anyway, please review the above and comment

cheers!
jesse

On 7/18/06, Brett Porter <[EMAIL PROTECTED]> wrote:
I've added my comments. I don't think we need domain ACLs - it's an interesting concept but it also worries me a little to have security as an afterthought - it's intrinsic to the design of the code in some ways (surely if you only want to give one person access to a subset of the data you also want to avoid going ahead and retrieving the data in the first place). Perhaps I misunderstand its intent.

So, where are we at with this? I don't think it's healthy to keep a branch for too long on something so fundamental as it'll become hard to merge back in, but is Acegi proving to be both non-intrusive and capable of doing what we need? What state is it in?

- Brett

On 11/07/2006 8:41 AM, Carlos Sanchez wrote:
> http://docs.codehaus.org/display/CONTINUUM/Security
>
> Please take a look and provide feedback on the semantics of what to
> secure and to what level.
>

--
Apache Maven - http://maven.apache.org/
Better Builds with Maven - http://library.mergere.com/

--
jesse mcconnell
[EMAIL PROTECTED]