Paul, Thank for the response. It's making a little more sense. May I
suggest another name for "Security Reference"? It seems to me that
"Security Rule" might better convey what the Security Reference does. The
term "Rule" implies if-then-else logic. In the case of a Security Reference
an example might be:
If Role = "User" or Role = "Guest" Then
Allow Action = "View"
Dave
----- Original Message -----
From: "Paul Spencer" <[EMAIL PROTECTED]>
To: "Jetspeed Users List" <[EMAIL PROTECTED]>
Sent: Sunday, July 07, 2002 9:44 PM
Subject: Re: Security questions?
> David,
> See below.
>
> David wrote:
>
> > Hi,
> >
> > I'm trying to get a good understanding of the new security model.
> > I've read the security proposal (several times) and I've been
> > perusing the configuration files. There are a couple of things I'm
> > not clear on. These are the things that are obvious to me.
> >
> > 1) there is a many-to-many relationship between users and roles
> Yes, although this is dictated by the implementation. In the case of
> the implementation distributed with Jetspeed, their is many-to-many
> relationship between users and roles.
>
> >
> > 2) there is a many-to-many relationship between roles and permissions
> Yes, although this is dictated by the PortalAuthentication
> implementation. In the case of the registry implementation distributed
> with with Jetspeed, their is many-to-many relationship between roles and
> actions. For a security reference, you can define actions based on
> roles and users.
>
> >
> > But I'm not clear on what is the definition of a "Security ID"? How
> > is it really different from a role?
> A security ID, also called called a security reference, describes
> allowable actions for specific users and roles. See the "default"
> security entry in security.xreg for an example of a security-entry that
> grants different actions based on and role.
>
> > Also, what is the difference
> > between actions and permissions. It seems like they are the same
> > thing.
> Yes, action and permissions are the same.
>
> > And is it true that groups are not implemented with this
> > new security model?
> Not completely true, although I do now know the complete answer to this
> question.
>
> >
> > Thanks
> >
> > -Dave
> >
> >
>
> Paul Spencer
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
