I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways:
- It protects names not values. This means that you protect how you access things, not the things themselves.
- It doesn't provide key-based access control for mapping objects. If you can get any key, you can get all keys. This is less powerful than Zope 2's security system, but this is power we haven't needed for Zope 3 and I suggest we don't really need it for Zope 2.
- Non-basic values passed from trusted code to untrusted code are security proxied and thus protected. This means that the security framework has a much greater reach than in Zope 2. Even trusted code is subject to the security system in many cases. This can be a good thing or a bad thing, depending on your point of view. :)
- The Zope 3 security system is much more pluggable. This means that it is much easier to provide alternate security policies to meet special needs or to exclude unneeded features.
For more information on the security system, see:
I see 2 main challenges:
- supporting implicit acquisition
- Backward incompatibilities:
o No support for key-based access control
o Trusted code will be subject to security restrictions in cases in which it isn't now.
I think there will be a number of significant benefits, including:
- Greater security
- Less complexity
- Less risk with new Python versions
- Narrower gap between Zope 2 and Zope 3.
This will be a fairly large job. I won't have time to work on it before this Fall. I could certainly use some help. :)
Are there any objections? Suggestions? Questions?
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
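
A simplified model of the name-based checking and proxying described in the message above, added here as an illustration; it is not code from Zope or from the author. `Proxy`, `CHECKERS`, `proxy()`, `denied()` and the sample classes are hypothetical names, and unlike a real security proxy this sketch does not hide the wrapped object from the caller.

```python
BASIC = (type(None), bool, int, float, str, bytes)

class Forbidden(Exception):
    pass

def proxy(value):
    """Basic values pass through; everything else is wrapped."""
    if isinstance(value, BASIC + (Proxy,)):
        return value
    # A type with no registered checker gets no readable names at all.
    return Proxy(value, CHECKERS.get(type(value), ()))

class Proxy:
    __slots__ = ("_obj", "_names")  # a real proxy hides these from callers

    def __init__(self, obj, names):
        self._obj = obj
        self._names = frozenset(names)

    def _check(self, name):
        if name not in self._names:
            raise Forbidden(name)

    def __getattr__(self, name):
        self._check(name)  # the decision depends on the name, not the value
        value = getattr(self._obj, name)
        if callable(value):
            return lambda *a, **kw: proxy(value(*a, **kw))
        return proxy(value)  # non-basic results stay protected

    def __getitem__(self, key):
        self._check("__getitem__")  # the key plays no part in the decision
        return proxy(self._obj[key])

class User:  # constructed sample classes
    def __init__(self, login, secret):
        self.login, self.secret = login, secret

class Document:
    def __init__(self, owner):
        self.owner, self.acl = owner, {"alice": "editor", "bob": "reader"}

# Hypothetical registry for this sketch: type -> names untrusted code may read.
CHECKERS = {User: {"login"}, Document: {"owner", "acl"}, dict: {"__getitem__"}}

def denied(fn):
    """True if calling fn() is refused by a proxy."""
    try:
        fn()
    except Forbidden:
        return True
    return False
```
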