[Yanel-dev] Re: Access Control User Interface

Michael Wechner michael.wechner at wyona.com
Wed Jan 31 11:04:31 CET 2007 

Josias Thöny wrote:

>On Wed, 2007-01-31 at 09:33 +0100, Michael Wechner wrote:
>  
>
>>Paloma Gomez wrote:
>>
>>    
>>
>>>>I think that the Identity is some kind of abstraction of the following
>>>>items:
>>>>- user
>>>>- machine
>>>>- ip range
>>>>- world
>>>>So maybe we could keep Identity.java as a super-class or an interface.
>>>>But I'm not sure which methods to put into Identity.java.
>>>>   
>>>>
>>>>        
>>>>
>>>Currently, Identity.java just holds a username and an array containing
>>>groups and provides getter methods for retrieving them.
>>>
>>>      
>>>
>>the identity is a container for
>>
>>user
>>machine/ip-range
>>world
>>group
>>    
>>
>
>IIUC the identity is either a user, or a machine, or world, etc. But
>it's not everything at the same time, or is it?
>  
>

no. A user does also have an IP and can be part of a group or many groups

>So it would seem to me more natural to have Identity as a super-type of
>all those "things", instead of a container.
>
>Or am I misunderstanding you?
>  
>

yes ;-) see above

>What about the following situation:
>A page has a policy which allows access from a certain ip-number. Now a
>user at the workstation with that ip-number tries to access that page.
>The user will be authorized, without entering username/password. In this
>case the identity is just the machine, and there is no username or group
>available.
>  
>

the question is if we should introduce for IP Numbers also identities 
within the identities repository?

Is that what you are implying?

Cheers

Michi

>
>Josias
>
>  
>
>>resp. identifiying a session so to speak. Instead of passing around all 
>>the types mentioned above one
>>just has to pass around the identity which I think makes a lot of sense ;-)
>>
>>    
>>
>>>If we want it to
>>>represent any kind of item, we should change the current implementation
>>>since it just considers users.
>>>
>>>      
>>>
>>which implementation?
>>
>>Cheers
>>
>>Michi
>>
>>
>>    
>>
>
>
>_______________________________________________
>Yanel-development mailing list
>Yanel-development at wyona.com
>http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>
>  
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner at wyona.com                        michi at apache.org
+41 44 272 91 61

More information about the Yanel-development mailing list