I shall take that to heart, Tim. I certainly don't advocate complexity as it is corrosive to the systems that I love so dearly. In this particular case, I don't think that the issue is one of complexity v. simplicity (I would always come down on the side of simplicity), but whether the model is sufficiently flexible or (block your ears, John) elegant. The idea that groups ARE roles as you and Lee suggest simply does not provide the flexibility and maintainability that I want my applications to have. If the system works for you and Lee (as it obviously does), I don't want to impugn your decision to adopt the system.
At the risk of committing yet another logical fallacy (the appeal to authority), it might be noted that the overwhelming preponderance of work on security models distinguishes between permissions and roles. I find the idea of HAVING to create a user group when I want to assign a permission to an individual (especially an individual that already belongs to a group) to be too constrictive for my needs. This really has nothing to do with bits v. lists v. however else we might encode the information. It is, as Lee pointed out, a matter of ontology or, as I might put it, a decision about the kind of model world we create (my own definition of programming). In your and Lee's world, no such need to separate roles and permissions exists. I accept that. In Halworld, such a need does exist and I only ask that it not *immediately* be labeled with pejorative terms such as logical fallacies and complexity for complexity's sake. -----Original Message----- From: Tim Heald [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 10:37 PM To: [EMAIL PROTECTED] Subject: RE: secure tag and permissions Hal, Complexity, for complexities sake does not mean it is robust, nor does it mean it is better. Simplify, break it down and make it easy. Isn't that part of what Fusebox is teaching us? If I were building a machine, I would want as few moving pieces as possible, just very well made pieces. When you define a group you define it in such a way that it is symbolic of one specific role/ability sort of like you would design (sure to stir something up here) a fuse? A single group for a single action. Also this makes it much easier to relate to the physical world. I know what an article reader is. I mean sure, I am not as advanced as you and Lee, and maybe that's why I don't get the whole bit scheme. I will stick with something that has worked for me, and works well. Tim Heald ACP/CCFD Application Development www.schoollink.net -----Original Message----- From: BORKMAN Lee [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 6:39 PM To: '[EMAIL PROTECTED]' Subject: RE: secure tag and permissions Mate, now you are impugning my manhood! Not robust indeed! HAVE AT YOU!!! -----Original Message----- From: hal helms [mailto:[EMAIL PROTECTED]] I see your point, but simply don't find your model robust enough. Apparently, you find it works fine. I'm happy to leave it there. -----Original Message----- From: Lee Borkman [mailto:[EMAIL PROTECTED]] Now you are confusing UserGroups (independent of applications) with Roles (dependent on Applications). For shame! IMPORTANT NOTICE: This e-mail and any attachment to it is intended only to be read or used by the named addressee. It is confidential and may contain legally privileged information. No confidentiality or privilege is waived or lost by any mistaken transmission to you. If you receive this e-mail in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. The RTA is not responsible for any unauthorised alterations to this e-mail or attachment to it. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
