> -----Original Message-----
> From: Eric Dobbs [mailto:[EMAIL PROTECTED]]
> Sent: 14 February 2002 15:16
> To: Turbine Developers List
> Subject: Re: Security Changes - blow by blow ...
>
> I think we need Scope where JAAS would have CodeSource.
> It's not enough to ask "does the Subject have Permission?"
> We need to be asking "does the Subject have Permission in this
> Scope?"
>
> public boolean implies(Subject subject, Scope scope,
>                        Permission permission);
>
> And I think this also needs to be reflected when assigning the
> Permissions to Roles in the first place. This is why I don't
> think it's the right idea to model Scope as a Principal. I
> really think these are different animals. But I'm still
> willing to be persuaded otherwise.

Hmm... you certainly know how to throw a spanner in the works... :-)

Scope is necessary, as you so rightly point out, and my proposal doesn't reflect this. :-( ...yet. ;-)

But, I have a problem getting my head round why CodeSource and Scope should be treated in the same manner. Let's say that a class called Project exists. This class could be put into a collection, therefore a set of many projects or scopes exist, but a single codeSource. Have I understood the concept of Scope here?

What mechanism would be used by JAAS to provide permissions based on which project/scope you were viewing/editing? The CodeSource cannot be used to differentiate, as there is only one.

Chris
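
The scope-aware check discussed in this thread, sketched as an added example; it is not Turbine or JAAS code and is not from either poster. The `Scope`, `UserPrincipal` and `ProjectPermission` types and the grant table are hypothetical, and the sketch assumes Java 16 or later for records.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class ScopedPolicyDemo {
    // Hypothetical types: a Scope is one Project instance, not a code location.
    record Scope(String id) {}
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    static final class ProjectPermission extends BasicPermission {
        ProjectPermission(String name) { super(name); }
    }

    // Grants are keyed by (principal, scope), so one user can hold different
    // permissions in different projects that all come from a single CodeSource.
    private final Map<Principal, Map<Scope, List<Permission>>> grants = new HashMap<>();

    void grant(Principal who, Scope scope, Permission p) {
        grants.computeIfAbsent(who, k -> new HashMap<>())
              .computeIfAbsent(scope, k -> new ArrayList<>()).add(p);
    }

    // The three-argument check quoted above: Permission is evaluated per Scope.
    public boolean implies(Subject subject, Scope scope, Permission permission) {
        for (Principal who : subject.getPrincipals()) {
            List<Permission> held =
                grants.getOrDefault(who, Map.of()).getOrDefault(scope, List.of());
            for (Permission p : held) {
                if (p.implies(permission)) return true;
            }
        }
        return false; // default deny: nothing granted in this scope
    }

    public static void main(String[] args) {
        // Constructed sample data: one user, two projects.
        UserPrincipal alice = new UserPrincipal("alice");
        Subject subject = new Subject();
        subject.getPrincipals().add(alice);
        Scope projA = new Scope("project-a"), projB = new Scope("project-b");

        ScopedPolicyDemo policy = new ScopedPolicyDemo();
        policy.grant(alice, projA, new ProjectPermission("project.*"));
        policy.grant(alice, projB, new ProjectPermission("project.view"));

        Permission edit = new ProjectPermission("project.edit");
        System.out.println("edit in A: " + policy.implies(subject, projA, edit));
        System.out.println("edit in B: " + policy.implies(subject, projB, edit));
    }
}
```

The same Subject and the same Permission give different answers in the two scopes, which is the distinction a single CodeSource cannot express.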