Paul,

Then the <security-entry> really does represent a "rule".

Another question, in the registry config files that come with the current build the portlet entries have both a <security role="??"/> entry and a <security-ref parent="??"> entry. I would have thought the role attribute would have gone away? Is it still used somehow? Also, in the <allow-if> tag in the security.xreg what are the allowable attributes? Is role the only one that's implemented? Are there thoughts to implement for other registry resources such as skins, controls, and controllers?

Dave

----- Original Message -----
From: "Paul Spencer" <[EMAIL PROTECTED]>
To: "Jetspeed Users List" <[EMAIL PROTECTED]>
Sent: Sunday, July 07, 2002 11:14 PM
Subject: Re: Security questions?

> David,
> The tag <security-ref parent="abx"> references the <security-entry
> name="abx"> in the registry. In addition the <security-ref> does not
> define the "rules", this is done by the <security-entry>. This also
> allows a <security-entry> to be used many times, by way of the
> <security-ref>.
>
> Paul Spencer
>
> David wrote:
>
> > Paul, Thanks for the response. It's making a little more sense. May I
> > suggest another name for "Security Reference"? It seems to me that
> > "Security Rule" might better convey what the Security Reference does. The
> > term "Rule" implies if-then-else logic. In the case of a Security Reference
> > an example might be:
> >
> > If Role = "User" or Role = "Guest" Then
> >     Allow Action = "View"
> >
> > Dave
> >
> > ----- Original Message -----
> > From: "Paul Spencer" <[EMAIL PROTECTED]>
> > To: "Jetspeed Users List" <[EMAIL PROTECTED]>
> > Sent: Sunday, July 07, 2002 9:44 PM
> > Subject: Re: Security questions?
> >
> >>David,
> >>See below.
> >>
> >>David wrote:
> >>
> >> > Hi,
> >> >
> >> > I'm trying to get a good understanding of the new security model.
> >> > I've read the security proposal (several times) and I've been
> >> > perusing the configuration files. There are a couple of things I'm
> >> > not clear on.
> >> > These are the things that are obvious to me.
> >> >
> >> > 1) there is a many-to-many relationship between users and roles
> >>Yes, although this is dictated by the implementation. In the case of
> >>the implementation distributed with Jetspeed, there is a many-to-many
> >>relationship between users and roles.
> >>
> >> >
> >> > 2) there is a many-to-many relationship between roles and permissions
> >>Yes, although this is dictated by the PortalAuthentication
> >>implementation. In the case of the registry implementation distributed
> >>with Jetspeed, there is a many-to-many relationship between roles and
> >>actions. For a security reference, you can define actions based on
> >>roles and users.
> >>
> >> >
> >> > But I'm not clear on what is the definition of a "Security ID"? How
> >> > is it really different from a role?
> >>A security ID, also called a security reference, describes
> >>allowable actions for specific users and roles. See the "default"
> >>security entry in security.xreg for an example of a security-entry that
> >>grants different actions based on and role.
> >>
> >> > Also, what is the difference
> >> > between actions and permissions. It seems like they are the same
> >> > thing.
> >>Yes, action and permissions are the same.
> >>
> >> > And is it true that groups are not implemented with this
> >> > new security model?
> >>Not completely true, although I do now know the complete answer to this
> >>question.
> >>
> >> >
> >> > Thanks
> >> >
> >> > -Dave
> >> >
> >>
> >>Paul Spencer
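
The relationship discussed in this thread, as an added example that is not part of the original messages and is not Jetspeed's own code: several portlet entries point at one <security-entry> through <security-ref parent="...">, and the entry's <allow-if role="..."> rules decide which actions a role may perform. The registry fragment is constructed; the `<registry>`, `<portlet-entry>` and `<access action="...">` elements, the `*` wildcard, the `customize` action and the deny-on-dangling-reference behaviour are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed registry fragment. <security-entry name>, <security-ref parent>
# and <allow-if role> appear in the thread; <registry>, <portlet-entry>,
# <access action> and the "*" wildcard are assumptions made for this example.
REGISTRY = """
<registry>
  <security-entry name="abx">
    <access action="view">
      <allow-if role="user"/>
      <allow-if role="guest"/>
    </access>
    <access action="*">
      <allow-if role="admin"/>
    </access>
  </security-entry>
  <portlet-entry name="News"><security-ref parent="abx"/></portlet-entry>
  <portlet-entry name="Stocks"><security-ref parent="abx"/></portlet-entry>
  <portlet-entry name="Orphan"><security-ref parent="missing"/></portlet-entry>
</registry>
"""

def load(xml_text):
    """Return ({entry name: element}, {portlet name: referenced entry name})."""
    root = ET.fromstring(xml_text)
    entries = {e.get("name"): e for e in root.iter("security-entry")}
    refs = {}
    for portlet in root.iter("portlet-entry"):
        ref = portlet.find("security-ref")
        refs[portlet.get("name")] = ref.get("parent") if ref is not None else None
    return entries, refs

def is_allowed(entries, refs, portlet, action, roles):
    """Resolve the portlet's security-ref, then evaluate the entry's rules."""
    entry = entries.get(refs.get(portlet))
    if entry is None:  # missing or dangling reference: fail closed (assumption)
        return False
    for access in entry.findall("access"):
        if access.get("action") in (action, "*"):
            if any(c.get("role") in roles for c in access.findall("allow-if")):
                return True
    return False
```

Because the rules live in the entry and not in the reference, changing the `abx` entry changes the answer for both `News` and `Stocks` at once, which is the reuse Paul describes.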
