Re: [Zope3-dev] RFC: Rename principal to participant, my 2p ;-)

2005-09-14 Thread Chris Withers

Philipp von Weitershausen wrote:

- BUT, given that it's a big change and likely invalidates a lot of dead
tree material, I'd suggest we just stick with principal and be done with
it ;-)


If that last point were the doctrine by which previous refactorings had
to be undertaken (e.g. the refactoring of the Component Architecture),
we would still be stuck with services and other antiquated concepts.


I'd hardly call them antiquated. I agree that early on in a project, the 
freedom to change and refactor freely is great, but at some point, when 
you want lots of people to adopt your project, you need to slow down and 
stop making wide ranging changes unless you really really need to.


In this case, it's a largely cosmetic change that doesn't do anything 
except invalidate a whole load of documentation ;-)


cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk

___
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com



Re: [Zope3-dev] RFC: Rename principal to participant, my 2p ;-)

2005-09-14 Thread Philipp von Weitershausen
Chris Withers wrote:
 Philipp von Weitershausen wrote:
 
 - BUT, given that it's a big change and likely invalidates a lot of dead
 tree material, I'd suggest we just stick with principal and be done with
 it ;-)


 If that last point were the doctrine by which previous refactorings had
 to be undertaken (e.g. the refactoring of the Component Architecture),
 we would still be stuck with services and other antiquated concepts.
 
 
 I'd hardly call them antiquated. I agree that early on in a project, the
 freedom to change and refactor freely is great, but at some point, when
 you want lots of people to adopt your project, you need to slow down and
 stop making wide ranging changes unless you really really need to.

This attitude has left us with Zope 2 where it is. I really hope that we
Zope 3 developers won't ever be too tired to tackle even serious
refactorings -- if they work out for the better, of course.

However, when I look at recent refactorings, and even just the fact that
deprecating things is easy and much less pain than it was before, thanks
to Stephan's zope.deprecation, I'm pretty confident and needn't worry.

 In this case, it's a largely cosmetic change that doesn't do anything
 except invalidate a whole load of documentation ;-)

You're right about this being largely cosmetic. But I disagree that this
means it's not worth to invalidate lots of docs. The reason I proposed
the name change was for the sake of docs. So, changing the docs was
actually one of my intentions :).

Anyway, I think the discussion has reached a point where I can safely
withdraw my proposal. Thanks to everyone for their valuable comments. I
must say I feel better about principal now. Not the word itself, but
the way we use it and the fact that it's used by others. Proper
translations remain to be found...

Philipp



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-14 Thread Martijn Faassen

Steve Alexander wrote:

I think so too. But I would not try to explain a PAU (pluggable
authentication utility) without using the word principal. I think
using the words user or participant for a principal in this case is
not a good idea. 



Perhaps the scope of the PUA can be extended to have a plug-in factory
for User objects, and to make the current User easily available inside
page templates and other presentation code.

People who wish to use[1] the PUA would define their own User class,
which could be as simple as taking the principal id, but would often be
more complex according to the needs of their application.


Some abstractions to deal with user objects (which for instance can have 
an email address to name a common case) in Zope 3 would indeed be 
useful. I found I had to build my own already.


Note that such user objects (or group objects) in applications are 
frequently content objects and are accessible through content space. I 
think in Zope 2 terms this entity may be called 'member'...


The wrong way to go about this is to store user information somewhere 
under ++etc++, as that isn't content space in my book and I don't want 
to expose end users (that need to do user management sometimes) to 
anything in ++etc++. (it's okay to store low-level user information in 
++etc++, as it is now, but no extensible user info with extra 
information like email addresses, etc, I think).


Regards,

Martijn



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-14 Thread Steve Alexander

 If not that, we can at least make the weaker case that no Zope 3 *UI*
 user (whether it's the ZMI or something built on top of it) ordinarily
 should have to know about 'principals'.

I agree with that.

-- 
Steve Alexander




Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-14 Thread Steve Alexander

 Note that such user objects (or group objects) in applications are
 frequently content objects and are accessible through content space. I
 think in Zope 2 terms this entity may be called 'member'...

In Launchpad, we have a Person table in the database.  Data from there
are converted into objects, and used in the application.  These are
Person objects.

The user for a given request is a Person object.  It is the Person
object representing the user who is identified as using the system in
that thread at that time.

Here we go... some docs from the Launchpad wiki:

  https://wiki.launchpad.canonical.com/UserPersonPrincipal


 The wrong way to go about this is to store user information somewhere
 under ++etc++,

Sorry for the crudeness, but ++etc++ makes me want to barf.

Have an etc stuff web server running on a different port, with a
different root traversal resource.  Don't make it part of the web app
that you show to users.  You'll just want to turn it off later on.


 as that isn't content space in my book and I don't want
 to expose end users (that need to do user management sometimes) to
 anything in ++etc++. (it's okay to store low-level user information in
 ++etc++, as it is now, but no extensible user info with extra
 information like email addresses, etc, I think).

-- 
Steve Alexander



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Dmitry Vasiliev

Philipp von Weitershausen wrote:


Martijn suggests to just use user. I can live with that. The reason
why I didn't propose that is because I thought people still valued the
abstraction of a principal as opposed to the physical person. I don't
need it and all those Unix users out there don't seem to need it either...


+1 on user. Actually for Russian translation I've used user anyway since I 
didn't find another good translation for principal.


--
Dmitry Vasiliev (dima at hlabs.spb.ru)
http://hlabs.spb.ru



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Philipp von Weitershausen
Roger Ineichen wrote:
 Hi principals

*shrug* I'm a user :).

Since principal doesn't seem to be a common term in IT speak either,
translators repeatedly have their problems with it. In German, for
example, we came up with Nutzungsberechtigter which is just an
arbitrary choice and doesn't even fit all aspects of principal. It's
still a good choice for now because if we had chosen to literally
translate it as Prinzipal, no one would even be close to understanding
what we meant. Sebastien Douche seemed to have the same problem
regarding the French translation, as he told us on IRC today. There just
aren't good native words that translate principal well enough, let
alone a good literal translation.
 
 
 I don't agree
 
 Principal is a common term in IT security. Since we use a principal
 based security system, (perhaps there are other ones) we have to use 
 the right name for this principal. 

The reason you give (we use the principal concept, so we have to call
it 'principal') is the most obvious one and at the same time the most
unsatisfying because it doesn't justify the word itself. Maybe there are
other terms for the concept?

 Perhaps it is helpful to describe what a principal really is.
 
 
 A principal object represents the security context of the user on whose 
 behalf the code is running, including the user's identity, groups and 
 roles to which they belong.
 

That's a good definition, thank you. Which source are you quoting from?

So, I would like to give principal a better name. How about
participant? After all, a principal _participates_ in an interaction
through a participation (e.g. an HTTP request). Participant should also
be pretty easy to translate: it's a common word, especially outside IT
vocabulary, which means chances are good to find appropriate native
translations for it.
 
 
 No, no, a participant is not a principal. See the wfmc workflow 
 implementation. Participants are used for participate on a process
 task. Participants don't even know how to login. Participants are more 
 like a role in some use cases.

I did not realize that WFMC also has the understanding of a
participant. That's obviously a strong point against that word. As
I've said before, I'm not locked into participant; all I wanted is my
criticism to be constructive...

 I think there is no way to rename principal to participant since they are
 totally different components.

I never wanted to mix up security and WFMC concepts. I wasn't even aware
of the latter. You're comparing apples and oranges here.

(Note that the point of finding translations for technical terms is not
only for the sake of a translated Zope 3 UI. It's more about how people
understand technical terms. I think most Zope 3 developers aren't native
English speakers and they do not necessarily think in English. So, good
words that have good native translations help the understanding process
on their end. That is not only important for _learning_ a concept, but
also for _explaining_ it. As a book author, I know what I'm talking
about... :))
 
 I think you are right here. It's not easy to explain a security concept.
 Perhaps we have to collect some good documentation from other principal 
 based security concept and see how they describe this part.

I agree. I very much like the definition you quoted above. Apart from
that, I wish we could find a good pattern for translating principal.
Quoting the English term should be our last option. I wonder, for
example, which term French speakers use when they *talk* to each other
about principals... French is known to be very conservative when it
comes to introducing English words to itself.

Philipp



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Sebastien Douche
On 9/13/05, Philipp von Weitershausen [EMAIL PROTECTED] wrote:
  Perhaps it is helpful to describe what a principal really is.
 
  
  A principal object represents the security context of the user on whose
  behalf the code is running, including the user's identity, groups and
  roles to which they belong.
  
 
 That's a good definition, thank you. Which source are you quoting from?

Yes, this definition is very useful.

  I think you are right here. It's not easy to explain a security concept.
  Perhaps we have to collect some good documentation from other principal
  based security concept and see how they describe this part.
 
 I agree. I very much like the definition you quoted above. Apart from
 that, I wish we could find a good pattern for translating principal.
 Quoting the English term should be our last option. I wonder, for
 example, which term French speakers use when they *talk* to each other
 about principals... French is known to be very conservative when it
 comes to introducing English words to itself

Principal is used in law, finance, education, art, social economics...
All French translations aren't good for zope3. Using 'Principal' is
another option but it is also a French word ('main', 'the main thing'):
source of confusion. Currently, I don't know what to do. Another
difficult word is credentials.

-- 
Sébastien Douche [EMAIL PROTECTED]



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Steve Alexander

Philipp von Weitershausen wrote:

 Martijn suggests to just use user. I can live with that. The reason
 why I didn't propose that is because I thought people still valued the
 abstraction of a principal as opposed to the physical person. I don't
 need it and all those Unix users out there don't seem to need it either...


Dmitry Vasiliev wrote:

 +1 on user. Actually for Russian translation I've used user anyway since I
 didn't find another good translation for principal.

I'm -1 on user.

In Launchpad, the concepts of User and Principal are quite different.

For example, a principal that represents a particular user accessing the
web application is different from the principal that represents that
same user accessing Launchpad via gpg signed email.

In Launchpad, request.principal is not used by the application
programmers.  It is used only by the authentication, authorization and
publication machinery.  The machinery looks up a Person (an application
domain object) for the current principal (the participant, if you will)
and makes this available to application code.  So, application code
deals with an application-level object, not some security system construct.

Maybe in some simple systems it is good to conflate the concepts of
user and principal.  Making the principal available from the request
in zope3 encourages this.  But, I think that it is not good application
design, and it does not make for clear abstractions.

-- 
Steve Alexander




RE: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Roger Ineichen
Hi Philipp

Regards
Roger Ineichen

Projekt01 GmbH
www.projekt01.ch
_
END OF MESSAGE  

 -Original Message-
 From: Philipp von Weitershausen [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, September 13, 2005 9:31 AM
 To: [EMAIL PROTECTED]
 Cc: zope3-dev@zope.org; 'Stephan Richter'
 Subject: Re: [Zope3-dev] RFC: Rename principal to participant
 
[...]
 
  Perhaps it is helpful to describe what a principal really is.
  
  
  A principal object represents the security context of the user on whose
  behalf the code is running, including the user's identity, groups and
  roles to which they belong.
  
 
 That's a good definition, thank you. Which source are you quoting from?

Perhaps you have to use Internet Explorer for reading this ;-)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecurityprincipaliprincipalclasstopic.asp


Regards
Roger Ineichen




Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Shane Hathaway

Steve Alexander wrote:

In Launchpad, request.principal is not used by the application
programmers.  It is used only by the authentication, authorization and
publication machinery.  The machinery looks up a Person (an application
domain object) for the current principal (the participant, if you will)
and makes this available to application code.  So, application code
deals with an application-level object, not some security system construct.


It sounds like you're saying only the security machinery should know 
about principals, and that everything else deals with users.  If so, it 
should not be necessary for any Zope 3 developer to learn about 
principals unless they are writing security machinery.  Is that right?


Shane



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Lennart Regebro
On 9/13/05, Shane Hathaway [EMAIL PROTECTED] wrote:
 It sounds like you're saying only the security machinery should know
 about principals, and that everything else deals with users.  If so, it
 should not be necessary for any Zope 3 developer to learn about
 principals unless they are writing security machinery.  Is that right?

That sounds sublimely reasonable to me.



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Steve Alexander
Shane Hathaway wrote:
 Steve Alexander wrote:
 
 In Launchpad, request.principal is not used by the application
 programmers.  It is used only by the authentication, authorization and
 publication machinery.  The machinery looks up a Person (an application
 domain object) for the current principal (the participant, if you will)
 and makes this available to application code.  So, application code
 deals with an application-level object, not some security system
 construct.
 
 
 It sounds like you're saying only the security machinery should know
 about principals, and that everything else deals with users.  If so, it
 should not be necessary for any Zope 3 developer to learn about
 principals unless they are writing security machinery.  Is that right?

You need to know about principals if you are writing security machinery,
or if you are writing the thing that maps principals to whatever passes
for users in your application.

What typically happens is, the request contains credentials.  The
principal represents the fact that those credentials have been checked
and found to be ones that the system knows about.  It also represents
the type of credentials, for example, how much you trust them.  This in
turn maps to the concept of a user accessing your system.

  credential -> principal -> user

The Zope 3 framework can take care of the credentials and principals.
The users are application-specific.  A content management system for
Zope 3 would have its own concept of what a user is, but still use the
Zope 3 concepts and implementations of principal and credential.  A room
booking and timetabling system may have a different concept of a user,
as a user may well be a specific instance of a content object such as a
person (who is a bookable resource).

-- 
Steve Alexander
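
The credential, principal and user chain described in the message above, as an added example that is not part of the original thread and is not Zope 3 or Launchpad code. Every name, the trust levels and the sample data are hypothetical and constructed; GPG signature verification is assumed to have happened in the mail machinery before the credential reaches this code.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# --- Constructed sample data (hypothetical; not from Zope 3 or Launchpad) ---
SALT = b"constructed-salt"


def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


PASSWORDS = {"alice": pw_hash("correct horse")}       # login -> password hash
GPG_KEYS = {"CONSTRUCTED-FPR-0001": "alice"}          # verified fingerprint -> login
PERSONS = {"alice": {"name": "Alice Example", "email": "alice@example.org"}}

# How much each credential type is trusted, and what each action requires.
TRUST = {"web": 2, "gpg-email": 1}
REQUIRED_TRUST = {"view-profile": 1, "change-password": 2}

WEB_REQUEST = {"kind": "web", "login": "alice", "password": "correct horse"}
MAIL_REQUEST = {"kind": "gpg-email", "fingerprint": "CONSTRUCTED-FPR-0001"}


@dataclass(frozen=True)
class Principal:
    """Security construct: these credentials were checked and are known."""
    id: str               # differs per credential type, e.g. "web:alice"
    login: str
    credential_type: str
    trust: int


@dataclass(frozen=True)
class Person:
    """Application-domain object; the only identity application code sees."""
    login: str
    name: str
    email: str


def authenticate(credentials: dict) -> Optional[Principal]:
    """credential -> principal. Returns None for unknown or bad credentials."""
    kind = credentials.get("kind")
    if kind == "web":
        login = credentials.get("login", "")
        stored = PASSWORDS.get(login)
        supplied = pw_hash(credentials.get("password", ""))
        # Hash is computed even for unknown logins; comparison is constant-time.
        if stored is None or not hmac.compare_digest(stored, supplied):
            return None
    elif kind == "gpg-email":
        # Assumption: the signature itself was verified upstream.
        login = GPG_KEYS.get(credentials.get("fingerprint", ""))
        if login is None:
            return None
    else:
        return None
    return Principal(f"{kind}:{login}", login, kind, TRUST[kind])


def person_for(principal: Principal) -> Person:
    """principal -> user. The application decides what a user is."""
    return Person(login=principal.login, **PERSONS[principal.login])


def application_view(person: Person, action: str) -> str:
    """Application code: receives a Person, never a principal."""
    return f"{action} for {person.name} <{person.email}>"


def handle(credentials: dict, action: str):
    """Publication machinery: the only layer that touches the principal."""
    principal = authenticate(credentials)
    if principal is None:
        return ("unauthenticated", None)
    required = REQUIRED_TRUST.get(action)
    if required is None or principal.trust < required:
        return ("forbidden", None)
    return ("ok", application_view(person_for(principal), action))


if __name__ == "__main__":
    for creds in (WEB_REQUEST, MAIL_REQUEST):
        for action in ("view-profile", "change-password"):
            print(creds["kind"], action, handle(creds, action))
```

The same Person is reached through two different principals, and only the web principal carries enough trust for the password change.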



RE: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Roger Ineichen
Hi Shane  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Shane Hathaway
 Sent: Tuesday, September 13, 2005 7:34 PM
 To: Steve Alexander
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Zope3-dev] RFC: Rename principal to participant
 
 Steve Alexander wrote:
  In Launchpad, request.principal is not used by the application
  programmers.  It is used only by the authentication, authorization and
  publication machinery.  The machinery looks up a Person (an application
  domain object) for the current principal (the participant, if you will)
  and makes this available to application code.  So, application code
  deals with an application-level object, not some security system construct.
 
 It sounds like you're saying only the security machinery should know
 about principals, and that everything else deals with users.  If so, it
 should not be necessary for any Zope 3 developer to learn about
 principals unless they are writing security machinery.  Is that right?

I think so too. But I would not try to explain a PAU (pluggable
authentication utility) without using the word principal. I think
using the words user or participant for a principal in this case is
not a good idea. 

Regards
Roger Ineichen

Projekt01 GmbH
www.projekt01.ch
_
END OF MESSAGE

 Shane
 
 




Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-13 Thread Steve Alexander

 I think so too. But I would not try to explain a PAU (pluggable
 authentication utility) without using the word principal. I think
 using the words user or participant for a principal in this case is
 not a good idea. 

Perhaps the scope of the PUA can be extended to have a plug-in factory
for User objects, and to make the current User easily available inside
page templates and other presentation code.

People who wish to use[1] the PUA would define their own User class,
which could be as simple as taking the principal id, but would often be
more complex according to the needs of their application.

-- 
Steve Alexander

[1] Desperately trying to avoid using the term user there.



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Shane Hathaway

Philipp von Weitershausen wrote:

(Note that the point of finding translations for technical terms is not
only for the sake of a translated Zope 3 UI. It's more about how people
understand technical terms. I think most Zope 3 developers aren't native
English speakers and they do not necessarily think in English. So, good
words that have good native translations help the understanding process
on their end. That is not only important for _learning_ a concept, but
also for _explaining_ it. As a book author, I know what I'm talking
about... :))


The word principal has always bugged me because:

1) I can't recall ever seeing anyone get confused about the word user. 
 In conventional usage, the word user gained the general meaning 
intended by principal long ago.  Technologists already understand 
perfectly well that a user isn't always a person.


2) It's a new word for nearly all technologists (excepting security 
gurus, perhaps.)


3) Philosophically, it's impossible for Zope to know whether there's 
really a person on the other end.  Thus what Zope calls a user is 
sometimes really only a principal.


4) It's one of the more difficult words to spell correctly, being a 
homonym with principle.


Now you've added a fifth reason to drop the word principal, and IMHO 
it's an excellent one.


Shane



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Craeg Strong
It seems the word Principal is ubiquitous in security-related 
software: see


Microsoft dot Net Principal [1]
java.security.Principal
Kerberos [2]
GSS API

[1] 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecurityprincipal.asp
[2] 
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.2/doc/krb5-user/What-is-a-Kerberos-Principal-.html


There are lots of other examples of its use. Just do a google search for 
security principal


I think we should be careful before departing from common terms for API
concepts lest we violate the principle of least surprise  ;-)

--Craeg

Philipp von Weitershausen wrote:


Hi there,

while I very much like Zope 3's understanding security and abstract
concepts of interactions, participations, and principals, I've never
really grown to love the word principal. It might be easier to
understand for native speakers, but I've certainly had problems to grok
and remember(!) its meaning from the word alone. Interaction and
participation are much easier to understand right away.

Since principal doesn't seem to be a common term in IT speak either,
translators repeatedly have their problems with it. In German, for
example, we came up with Nutzungsberechtigter which is just an
arbitrary choice and doesn't even fit all aspects of principal. It's
still a good choice for now because if we had chosen to literally
translate it as Prinzipal, no one would even be close to understanding
what we meant. Sebastien Douche seemed to have the same problem
regarding the French translation, as he told us on IRC today. There just
aren't good native words that translate principal well enough, let
alone a good literal translation.

So, I would like to give principal a better name. How about
participant? After all, a principal _participates_ in an interaction
through a participation (e.g. an HTTP request). Participant should also
be pretty easy to translate: it's a common word, especially outside IT
vocabulary, which means chances are good to find appropriate native
translations for it.

(Note that the point of finding translations for technical terms is not
only for the sake of a translated Zope 3 UI. It's more about how people
understand technical terms. I think most Zope 3 developers aren't native
English speakers and they do not necessarily think in English. So, good
words that have good native translations help the understanding process
on their end. That is not only important for _learning_ a concept, but
also for _explaining_ it. As a book author, I know what I'm talking
about... :))

Hope to hear some comments,

Philipp

 






Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Stephan Richter
On Monday 12 September 2005 12:31, Philipp von Weitershausen wrote:
 So, I would like to give principal a better name. How about
 participant? After all, a principal _participates_ in an interaction
 through a participation (e.g. an HTTP request). Participant should also
 be pretty easy to translate: it's a common word, especially outside IT
 vocabulary, which means chances are good to find appropriate native
 translations for it.

This is not true. A group is also a principal, but a group does not 
participate in an interaction.

BTW, I think Jim took those terms from established security patterns.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Marc Rijken

Stephan Richter wrote:

On Monday 12 September 2005 12:31, Philipp von Weitershausen wrote:


So, I would like to give principal a better name. How about
participant? After all, a principal _participates_ in an interaction
through a participation (e.g. an HTTP request). Participant should also
be pretty easy to translate: it's a common word, especially outside IT
vocabulary, which means chances are good to find appropriate native
translations for it.



This is not true. A group is also a principal, but a group does not 
participate in an interaction.


BTW, I think Jim took those terms from established security patterns.

Regards,
Stephan


From an end user point of view, the use of principal can be confusing. But for 
developers, it is common to use principal. For example both in .NET and Java, 
principal is being used as term for user. See for example:


http://www.gotdotnet.com/team/clr/about_security.aspx

and

http://www.samspublishing.com/articles/article.asp?p=28496rl=1

Marc



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Philipp von Weitershausen
Marc Rijken wrote:
 Stephan Richter wrote:
 
 On Monday 12 September 2005 12:31, Philipp von Weitershausen wrote:

 So, I would like to give principal a better name. How about
 participant? After all, a principal _participates_ in an interaction
 through a participation (e.g. an HTTP request). Participant should also
 be pretty easy to translate: it's a common word, especially outside IT
 vocabulary, which means chances are good to find appropriate native
 translations for it.

 This is not true. A group is also a principal, but a group does not
 participate in an interaction.

Why not? At least zope.security.interfaces.IGroup extends IPrincipal so
it looks like it was supposed to...

 From an end user point of view, the use of principal can be confusing.
 But for developers, it is common to use principal. For example both in
 .NET and Java, principal is being used as term for user. See for example:
 
 http://www.gotdotnet.com/team/clr/about_security.aspx
 
 and
 
 http://www.samspublishing.com/articles/article.asp?p=28496rl=1

Thank you for those links. I should have done some more research. The
motivation for my proposal doesn't change, though: I still think that
principal is an unfit term. I have given several reasons that are
still true and Shane has amended that list with some more that I can
mostly identify with as well. So far (and that includes consulting
clients, for example) I haven't found nodding and broad understanding
when I talked about principals. More than often, I got a what's that?
a principal? never heard that.

Martijn suggests to just use user. I can live with that. The reason
why I didn't propose that is because I thought people still valued the
abstraction of a principal as opposed to the physical person. I don't
need it and all those Unix users out there don't seem to need it either...

Philipp



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Philipp von Weitershausen
Craeg Strong wrote:
 It seems the word Principal is ubiquitous in security-related
 software: see
 
 Microsoft dot Net Principal [1]
 java.security.Principal
 Kerberos [2]
 GSS API
 
 [1]
 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecurityprincipal.asp
 
 [2]
 http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.2/doc/krb5-user/What-is-a-Kerberos-Principal-.html
 
 
 There are lots of other examples of its use. Just do a google search for
 security principal

Yes, thank you. I obviously should have done that before writing the
email. The idea came to me spontaneously while talking on IRC. So did
the constructive proposal regarding the new name. I still like it, but I
agree that well-established terminology is very important. I just wonder
how well-established principal really is (yeah, I know, J2EE and .NET
are pretty big establishments).

My biggest argument was that the understanding of a word is closely
connected to suitable and appropriate translations of it. So, my
question is, if big projects like J2EE and .NET have it, how do they
translate it? A quick google (I did it this time! ;)) showed that a
German translation doesn't seem to exist -- the English word is quoted
all the time. So, in the end, it means as much to a German person as
Fahrvergnügen*) means to an English speaker..

 I think we should be careful before departing from common terms for API
 concepts lest we violate the
 principle of least surprise  ;-)

I agree; however, one should question even well-established terms once
in a while. We've had a good year or two experimenting with the
acceptance of principal. I wonder what people think; at least no one
here stood up for principal because he believed that this term really
fits the concept... (because it doesn't; the word denotes the headmaster
of an American school :))

Philipp


*) Fahrvergnügen (German: joy of driving) was a slogan used by
Volkswagen in US commercials some time ago; the word is an American
colloquialism now, but generally unknown in its meaning.



Re: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Craeg Strong



I just wonder how well-established principal really is (yeah, I know,
J2EE and .NET are pretty big establishments).
 

Actually they borrowed the word from security systems that predate them
such as Kerberos.
I think Kerberos again borrowed the term from security software dating
back from Mainframe days.

Here is an early reference I found (1993) that makes heavy use of that term:

http://www.ietf.org/rfc/rfc1508.txt


My biggest argument was that the understanding of a word is closely
connected to suitable and appropriate translations of it. So, my
question is, if big projects like J2EE and .NET have it, how do they
translate it? A quick google (I did it this time! ;)) showed that a
German translation doesn't seem to exist -- the English word is quoted
all the time. So, in the end, it means as much to a German person as
Fahrvergnügen*) means to an English speaker..
 


Agreed.  I think using the English word would be fine.


I agree; however, one should question even well-established terms once
in a while. We've had a good year or two experimenting with the
acceptance of principal. I wonder what people think; at least no one
here stood up for principal because he believed that this term really
fits the concept... (because it doesn't; the word denotes the headmaster
of an American school :))
 

I agree about questioning things, that's the best way (and maybe the
only way) good ideas happen :-)
However I think the term principal has a meaning that is much more
broad.  Check out the dictionary.com definition, esp. under the Law
heading:

http://dictionary.reference.com/search?q=principal

I think this term did not originate with security software, rather from
law and finance.
This is how I recognized it when I first heard it applied in high tech.
We borrow words like this all the time, for example talking about
performing triage (a word borrowed from medicine).

All this having been said, I still think it would be OK to use a
different word for different audiences.
Programmers and System Administrators should understand Principal but
I would never expect regular end users to use it.  For them, I would
probably use User or Login depending on the context of the conversation.

hope this helps,

--Craeg




RE: [Zope3-dev] RFC: Rename principal to participant

2005-09-12 Thread Roger Ineichen
Hi principals


Behalf Of Philipp von Weitershausen
 Sent: Monday, September 12, 2005 6:32 PM
 To: zope3-dev@zope.org
 Subject: [Zope3-dev] RFC: Rename principal to participant
 
 Hi there,
[...]
 Since principal doesn't seem to be a common term in IT speak either,
 translators repeatedly have their problems with it. In German, for
 example, we came up with Nutzungsberechtigter which is just an
 arbitrary choice and doesn't even fit all aspects of principal. It's
 still a good choice for now because if we had chosen to literally
 translate it as Prinzipal, no one would even be close to understanding
 what we meant. Sebastien Douche seemed to have the same problem
 regarding the French translation, as he told us on IRC today. There just
 aren't good native words that translate principal well enough, let
 alone a good literal translation.

I don't agree

Principal is a common term in IT security. Since we use a principal-based
security system (perhaps there are other ones), we have to use
the right name for this principal.

Perhaps it is helpful to describe what a principal really is.


A principal object represents the security context of the user on whose 
behalf the code is running, including the user's identity, groups and 
roles to which they belong.


 So, I would like to give principal a better name. How about
 participant? After all, a principal _participates_ in an interaction
 through a participation (e.g. an HTTP request). Participant should also
 be pretty easy to translate: it's a common word, especially outside IT
 vocabulary, which means chances are good to find appropriate native
 translations for it.

No, no, a participant is not a principal. See the wfmc workflow
implementation. Participants are used to participate in a process
task. Participants don't even know how to login. Participants are more
like a role in some use cases.

btw,
A wfmc participant can be one of the following types:
- user
- role
- group
- organisational unit
- resource-set
- resource
- system

If you implement such participants of a workflow you can map a participant
to a role or a user (in z3 a principal) described above.

I think there is no way to rename principal to participant since they are
totally different components.

 (Note that the point of finding translations for technical terms is not
 only for the sake of a translated Zope 3 UI. It's more about how people
 understand technical terms. I think most Zope 3 developers aren't native
 English speakers and they do not necessarily think in English. So, good
 words that have good native translations help the understanding process
 on their end. That is not only important for _learning_ a concept, but
 also for _explaining_ it. As a book author, I know what I'm talking
 about... :))

I think you are right here. It's not easy to explain a security concept.
Perhaps we have to collect some good documentation from other
principal-based security concepts and see how they describe this part.

Regards
Roger Ineichen

Projekt01 GmbH
www.projekt01.ch
_
END OF MESSAGE  
 Hope to hear some comments,
 
 Philipp
 