Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2003/06/20 10:45:38 UTC

Policy file drafts

Hi Lenya developers,

What do you think about these policy definition file drafts?

<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
   <credentials>

     <credential type="group" id="news-editors">
       <role id="editor"/>
     </credential>

     <credential type="user" id="john">
       <role id="author"/>
       <role id="admin"/>
     </credential>

   </credentials>
</policy>

If we don't need extensibility, we can change it to

<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">

   <group id="news-editors">
     <role id="editor"/>
   </group>

   <user id="john">
     <role id="author"/>
     <role id="admin"/>
   </user>

   <machine id="192.168.0.23">...</machine>
   <world>...</world>

</policy>

Writing this draft, a problem came into my mind:

When a user or group is deleted or renamed, all policy
files have to be parsed and adapted to keep the system
consistent.

The other kind of definition (assign URLs to users/groups)
would lead to the same problem. Additionally, we would have
to keep a list of machines to assign URLs to them.

I guess a database would certainly simplify this
procedure ...

Please add your comments!

Andreas



---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org


Re: Policy file drafts

Posted by Andreas Hartmann <an...@apache.org>.
Christian Egli wrote:
> So basically a user can have different roles in different policies and
> hence different roles for different URI spaces? Is my understanding
> correct?

Yes.

> So (again this is my user-centric view) to list all the roles
> of a user we'd have to parse all policies?

Yes. If we could restrict the editing to the web interface, we
could serialize the objects and restore them very quickly, but
otherwise we have to parse the policies.

>>When a user or group is deleted or renamed, all policy
>>files have to be parsed and adapted to keep the system
>>consistent.
> 
> There is something fishy with the model if this is needed. Is the
> information stored redundantly?

No, it's not redundant. But the user/group names are used in
the policy files.

>>The other kind of definition (assign URLs to users/groups)
>>would lead to the same problem. Additionally, we would have
>>to keep a list of machines to assign URLs to them.
> 
> Oh, I understand now. Are you saying that if we employ a user-centric
> view and store the URLs somewhere with the user we'll have to
> maintain them as the URI space changes?

Yes, no matter which entry point we use (URLs or users) we have
to keep the other side up to date. This sounds like a job for a
database.

Andreas
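
Added example (not part of the original thread and not Lenya code): a Python example of the two operations discussed above, listing a user's roles across all policies and finding credentials that still name a deleted user or group. It uses the first draft format; the URI-space keys, the "mary" user and the "reviewer" role are constructed sample data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"ac": "http://apache.org/cocoon/lenya/ac/1.0"}

# Constructed sample: one policy document per URI space (keys are hypothetical).
POLICIES = {
    "/news": """<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
  <credentials>
    <credential type="group" id="news-editors"><role id="editor"/></credential>
    <credential type="user" id="john"><role id="author"/><role id="admin"/></credential>
  </credentials>
</policy>""",
    "/archive": """<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
  <credentials>
    <credential type="user" id="john"><role id="reviewer"/></credential>
    <credential type="user" id="mary"><role id="editor"/></credential>
  </credentials>
</policy>""",
}


def build_index(policies):
    """Parse every policy once; map (type, id) -> {uri: set of role ids}."""
    index = defaultdict(dict)
    for uri, xml_text in policies.items():
        root = ET.fromstring(xml_text)
        for cred in root.findall("ac:credentials/ac:credential", NS):
            key = (cred.get("type"), cred.get("id"))
            roles = {r.get("id") for r in cred.findall("ac:role", NS)}
            index[key].setdefault(uri, set()).update(roles)
    return index


def roles_of(index, kind, ident):
    """User-centric view: all roles of one user or group, per URI space."""
    return {uri: sorted(roles) for uri, roles in index.get((kind, ident), {}).items()}


def dangling(index, known):
    """Credentials that name a user or group no longer in the directory."""
    return sorted((k, sorted(uris)) for k, uris in index.items() if k not in known)


if __name__ == "__main__":
    idx = build_index(POLICIES)
    print(roles_of(idx, "user", "john"))
    # "mary" was deleted from the directory but /archive still grants her a role.
    print(dangling(idx, {("user", "john"), ("group", "news-editors")}))
```

A dangling entry is worth cleaning up because it becomes a live grant again if the same id is later assigned to a different user or group.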





Re: Policy file drafts

Posted by Christian Egli <ch...@wyona.com>.
Andreas Hartmann <an...@apache.org> writes:

> Hi Lenya developers,

Hi Andreas

> What do you think about these policy definition file drafts?
> 
> <policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
>   <credentials>
>
>     <credential type="group" id="news-editors">
>       <role id="editor"/>
>     </credential>
>
>     <credential type="user" id="john">
>       <role id="author"/>
>       <role id="admin"/>
>     </credential>
>
>   </credentials>
> </policy>

So basically a user can have different roles in different policies and
hence different roles for different URI spaces? Is my understanding
correct? So (again this is my user-centric view) to list all the roles
of a user we'd have to parse all policies?

> Writing this draft, a problem came into my mind:
> 
> When a user or group is deleted or renamed, all policy
> files have to be parsed and adapted to keep the system
> consistent.

There is something fishy with the model if this is needed. Is the
information stored redundantly?

> The other kind of definition (assign URLs to users/groups)
> would lead to the same problem. Additionally, we would have
> to keep a list of machines to assign URLs to them.

Oh, I understand now. Are you saying that if we employ a user-centric
view and store the URLs somewhere with the user we'll have to
maintain them as the URI space changes?

-- 
Christian Egli       christian.egli@wyona.com   +41 1 272 9161
                     Wyona AG, Hardstrasse 219, CH-8005 Zurich
Open Source CMS      http://www.wyona.org http://www.wyona.com 
