Kevin mentioned on several occasions (see ticket #313) that he would
like to investigate the possibility of using RuleDispatch.
To be honest, your current work (I do hope I did not come of as trying
to put it down too harshly. If I did, I am truly sorry.) covers well
over 90% of use-cases, I simply like generic functions (to put it
bluntly, I am just as biassed as you :)). It has to be said however that
some things could be solved more elegantly. Here peak.security shines.
Embedding it would also be appealing to all who are already using PEAK.
I am aware generic functions can be a bit confusing at times, but we can
always provide an additional layer covering most of the cases (see my
proposition #2) while retaining full power of generic functions.
Cheers,
Simon
Jeff Watkins wrote:
Simon, first let me admit I'm biased, but I'm really not certain what
you're trying to accomplish with RuleDispatch (which is *really* cool,
by the way) with regard to security. I don't dispute that the PEAK
security code is *incredibly* powerful, but it is also rather confusing
-- at least to language newcomers like me and I suspect many of the
TurboGears target audience.
Can you give me a couple examples of functionality that Identity is
missing? Besides ownership testing, which is problematic but not
impossible using introspection.
Additionally, while the technique is different than that used in PEAK,
you can always create a new predicate for the Identity system.
On 14 Jan, 2006, at 3:58 pm, Simon Belak wrote:
Hi,
I am looking into using RuleDispatch via peak.security for Identity
framework (ticket #313). Unfortunately the two approaches seem to
differ quite substantially. I see 3 possibilities:
1) use peak.security for security modelling and keep Identity just as
a default implementation. This would be a backward-incompatible change.
Considering the way peak.security.context is constructed it would
probably be best to move all security modelling to either model.py or
a separate file (e.g. security.py).
2) retain identety.require() but use it to build peak.security.context
on the fly. peak.security would than be a middle-layer and Identity
offered as a default implementation.
3) just make peak.security an option.
---
To me the best course of action seems 1) + security.py.
References:
http://peak.telecommunity.com/DevCenter/SecurityRules
http://trac.turbogears.org/turbogears/wiki/IdentityManagement
Cheers,
Simon
--
Jeff Watkins
http://newburyportion.com/
In the USDA study [of the meat packing industry conducted in 1996] 78.6
percent of the ground beef contained microbes that are spread primarily
by fecal material. The medical literature on the causes of food
poisoning is full of euphemisms and dry scientific terms: coliform
levels, aerobic plate counts, sorbitol, MacConkey agar, and so on.
Behind them lies a simple explanation for why eating a hamburger can now
make you seriously ill: There is shit in the meat.
-- Eric Schlosser, Fast Food Nation
