How does one go
about build a security framework using an object oriented approach? The
question I am getting at is that 'security' is not an object in the same sense
that a user or a document is an object.
So, does a user
object have an authenticate method that accepts a username and password?
Something about this does not seem right.
Along the same
lines, does a document object have an authorize method that accepts a user or
group to determine if they have access?
So, how does one
handle security using an object oriented approach?
Thanks
--
Jeff
