> First, and most important for Turbine, Principals are
> where Roles and Groups would be implemented.
> 
> Second, and also important for Turbine, Permissions are
> connected to Principals, not directly to subjects.
> 
> Third, the Subject would have many Principals, one of
> which serves as the userid.
> 
> Fourth, Principals come into play in Pluggable
> Authentication Modules (PAM).  This allows an
> administrator of an application to choose their own
> authentication technologies and policies.  (LDAP, DB,
> ActiveDirectory, Kerberos,...)
> 
> Fifth, Principals are used to enable a Subject to login
> once and be granted access to many applications.

I'm very thick-headed... Can you provide a blow by blow
example of these concepts? Something like "User U1 has
Principals P1 and P2, which in turn...", etc., but
hopefully with names for each entity that are from a
real-life requirement?

>    +-------+ 1   N +---------+ 1      N +----------+
>    |Subject+-------+Principal+----------+Permission|
>    +-------+       +----+----+          +----------+
>                         |
>             +-----------+---------+
>             |           |         |
>          +--+---+    +--+--+    +-+--+
>          |UserId|    |Group|    |Role|
>          +------+    +-----+    +----+

Shouldn't Role be changed into Project, as per your other
messages?

> -Eric


-- 
Gonzalo A. Diethelm
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to