New submission from Will Seaver <>:

p. 172: " applications such as "CMS" systems where fine-grained access is
required on an object-by-object basis." What is CMS?

p. 173: "For example, the authentication.RepozeWho1AuthenticationPolicy enabled
by the repozewho1authenticationpolicy ZCML directive respects group information
if you configure it with a callback." What is a callback?

p. 174: "The ALL_PERMISSIONS object is actually a stand-in object that has a
__contains__ method that always returns True, which, for all known authorization
policies, has the effect of indicating that a given principal "has" any
permission asked for by the system." This seems to be useful for creating an
"admin" class of user(s). Am I getting this right?

p. 175: Under the following ACL:

__acl__ = [ (Allow, 'fred', 'view'), DENY_ALL ]

Does this mean that only one person is allowed to view the application, and that
all others are forbidden?

p. 177: in the sample authtktauthenticationpolicy given:

3. callback=".somemodule.somefunc"

Is this module representative of a, or perhaps a or is it
representative of another kind of security-related module?

p. 178: How does the mere presence of <aclauthorizationpolicy/> in a ZCML config
file enable an authorization policy?

p. 179: "An authentication policy the policy that allows or denies..." should be
"is the policy that allows or denies..."

p. 179: "For example, it might be desirable to construct an alternate
authorization policy which allows the application to use an authorization
mechanism that does not involve ACL objects." What are the circumstances under
which such a policy would be desirable?

messages: 360
nosy: kwseaver
priority: wish
status: unread
title: chapter 15
topic: bfg book

Repoze Bugs <>
Repoze-dev mailing list
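As an added illustration of the ACL semantics the questions above ask about (this is example code, not text from the book and not repoze.bfg's own implementation): a simplified model in which the ACL is scanned in order, the first entry whose principal and permission both match decides, and no match means deny. `Deny`, `Everyone`, the `groupfinder` callback and the sample users are assumed names constructed for this example.

```python
# Constructed example: a simplified model of ACL evaluation as described in
# the chapter. Not repoze.bfg's code; names other than Allow, DENY_ALL and
# ALL_PERMISSIONS are assumptions chosen for illustration.
Allow = 'Allow'
Deny = 'Deny'
Everyone = 'system.Everyone'   # assumed: a principal every request carries


class AllPermissionsList:
    """Stand-in whose __contains__ always returns True (as the book says)."""
    def __contains__(self, other):
        return True


ALL_PERMISSIONS = AllPermissionsList()
DENY_ALL = (Deny, Everyone, ALL_PERMISSIONS)   # catch-all deny entry


def permits(acl, principals, permission):
    """First matching ACE wins; an ACL with no match denies (default-deny)."""
    for action, principal, permissions in acl:
        if isinstance(permissions, str):
            permissions = [permissions]        # single permission -> list
        if principal in principals and permission in permissions:
            return action == Allow
    return False


def groupfinder(userid):
    """Assumed 'callback': maps an authenticated userid to its groups.

    Returning None signals an unknown user, so no user principal is added.
    """
    groups = {'fred': ['group:editors'], 'alice': ['group:admins']}
    return groups.get(userid)


def effective_principals(userid):
    """Everyone always applies; known users add their id and their groups."""
    principals = [Everyone]
    groups = groupfinder(userid)
    if groups is not None:
        principals.append(userid)
        principals.extend(groups)
    return principals


# The ACL from p. 175: only fred (plus nobody else) may 'view'.
ACL = [(Allow, 'fred', 'view'), DENY_ALL]
# An "admin" style ACL: the admins group gets any permission asked for.
ADMIN_ACL = [(Allow, 'group:admins', ALL_PERMISSIONS), DENY_ALL]
```

Running `permits(ACL, effective_principals('fred'), 'view')` returns True while any other user, or fred asking for 'edit', falls through to DENY_ALL and is refused; with `ADMIN_ACL`, alice is allowed every permission because `ALL_PERMISSIONS` contains everything.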