> I've seen mentioned several times on this list that an eventual goal of the > identity system in TurboGears is to be able to specify the required groups, > permissions, etc. for access to a resource in a config file. This would > allow an administrator, rather than a developer, to set security policy. I > have not seen any ideas on how this would actually work, though. Is anyone > actively working on this? In case the answer is no, here are some ideas > that I just had...
I certainly hope this isn't where TurboGears is going - when it does that why not just call itself Zope3 2? If this is the eventual plan, I would say make it entirely optional - and certainly don't make it xml. If people wanted to play with config files they'd do java web development :) > Like I said earlier, I haven't delved into the inner workings of the > identity system, but it seems that, at least for the user (TG app developer) > this would allow the use of a config file for authorization data without > having to relearn a whole new system. It seems like a useful use case at first glance - but do you really want someone who doesn't understand how the system works setting the security on it? I think that the security should really be done by the developer. The idea that an admin can sit down in front of a foreign system and start reassigning permissions is not realistic. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
