On 22 Aug 2004 at 17:26, david nicol wrote: > On Sun, 2004-08-22 at 08:22, David R. Baird wrote: > > > At the moment, I'm favouring something with Tree and ACL in it, plus > > something like MethodMaker to indicate the code-managing aspect. > > Maybe Perms instead of ACL, but ACL seems to be the standard > > terminology. > > ACL and groups are different competing way of skinning the same cat. > > in groups, you associate the capability with the group and list > the users with the capability in the group. > > with access control lists, every protected resource keeps a list > of users and privelege levels.
OK, that's very useful, so I'm building groups rather than ACLs. > Systems such as TACACS and RADIUS have whole languages for > creating processes that can answer authorization questions. For > that matter, so are firewall rules, .htaccess files, and > any section of any configuration file containing the words > "allow" or "deny." I'll have a look at these and bring my terminology into line. Moving towards something like Tree::Authz::Group. I'm not 100% sure of the Tree:: bit (although it is based on a tree structure), but I can't see where else it could fit in. d. -- Dr. David R. Baird Riverside Content Management Systems [EMAIL PROTECTED] http://www.riverside-cms.co.uk
