Hi,

[ single, 'role based' interface ]

> As we are currently moving a lot of stuff to the database - what about
> moving the acl too? I think we can build the XML Tree for the current
> acl implementations from the database to keep backwards compatibility,
> but we enable a lot of fancy queries on the stuff....
>
> As the whole management frontend for the roles is not really what I call
> perfect we don't lose too much work here....

From our point of view the current system is perfectly OK, the roles of the individual users are comparatively static. Same goes for the actions to be performed for each 'interface'.

I think the major gain of your approach is that you are not limited in what you can build with OpenCA (concerning the user interface). In the extreme, each user could have a different interface, but I doubt that this is what people want... :-)

From a technical point of view, pulling the ACLs and role definitions into the database will speed things up, of course, but we will also have to implement a new frontend for administering the ACLs in the database. Currently it is vi and some XML files.

In a former project I worked on a middleware application whose sole purpose was to implement a role based authentication/authorization service. We modeled everything in the database and though it seemed to be quite easy at the beginning of the project, we soon learned that the task was much more complicated than we initially thought. We also had to struggle with performance problems because of SQL subqueries, inefficient joins etc. (On the other hand, this was a really complicated system whose sole purpose was to administer a role based authorization service, it is surely different if a simpler approach is implemented.)

So if we are doing this, the design must be very clean and focused on performance.

Just my thoughts,

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel