David, The tag <security-ref parent="abx"> references the <security-entry name="abx"> in the registry. In addition the <security-ref> does not define the "rules", this is done by the <security-entry>. This also allows a <security-entry> to be use many times, by way of the <security-ref>.
Paul Spencer David wrote: > Paul, Thank for the response. It's making a little more sense. May I > suggest another name for "Security Reference"? It seems to me that > "Security Rule" might better convey what the Security Reference does. The > term "Rule" implies if-then-else logic. In the case of a Security Reference > an example might be: > > If Role = "User" or Role = "Guest" Then > Allow Action = "View" > > Dave > > ----- Original Message ----- > From: "Paul Spencer" <[EMAIL PROTECTED]> > To: "Jetspeed Users List" <[EMAIL PROTECTED]> > Sent: Sunday, July 07, 2002 9:44 PM > Subject: Re: Security questions? > > > >>David, >>See below. >> >>David wrote: >> >> > Hi, >> > >> > I'm trying to get a good understanding of the new security model. >> > I've read the security proposal (several times) and I've been >> > perusing the configuration files. There are a couple of things I'm >> > not clear on. These are the things that are obvious to me. >> > >> > 1) there is a many-to-many relationship between users and roles >>Yes, although this is dictated by the implementation. In the case of >>the implementation distributed with Jetspeed, their is many-to-many >>relationship between users and roles. >> >> > >> > 2) there is a many-to-many relationship between roles and permissions >>Yes, although this is dictated by the PortalAuthentication >>implementation. In the case of the registry implementation distributed >>with with Jetspeed, their is many-to-many relationship between roles and >>actions. For a security reference, you can define actions based on >>roles and users. >> >> > >> > But I'm not clear on what is the definition of a "Security ID"? How >> > is it really different from a role? >>A security ID, also called called a security reference, describes >>allowable actions for specific users and roles. See the "default" >>security entry in security.xreg for an example of a security-entry that >>grants different actions based on and role. >> >> > Also, what is the difference >> > between actions and permissions. It seems like they are the same >> > thing. >>Yes, action and permissions are the same. >> >> > And is it true that groups are not implemented with this >> > new security model? >>Not completely true, although I do now know the complete answer to this >>question. >> >> > >> > Thanks >> > >> > -Dave >> > >> > >> >>Paul Spencer >> >> >>-- >>To unsubscribe, e-mail: >> > <mailto:[EMAIL PROTECTED]> > >>For additional commands, e-mail: >> > <mailto:[EMAIL PROTECTED]> > >> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
