Nando -

This is sounding interesting; however, I am not sure what article of Hal's you are referring to.  The only one I have seen by him on security was an old one back in the FB3 days.  What you are talking about sounds like something different.

Would you mind posting some more details?

Thanks
-- Jeff


From: "Nando" <[EMAIL PROTECTED]>
Sent: Friday, January 21, 2005 9:09 AM
To: [email protected]
Subject: RE: [CFCDev] OO Security


I really like Hal's conceptual model of permissions. He has an article on his site, I believe, that presents it in terms of a set of keys. Whatever their role, users are either given a key or not to use a function in the application.
 
What that becomes then is a PermissionKey set of boolean values, or a KeyRing. So rather than the abstract concept Security ... KeyRing is a more solid concept to start building an OO model from.
 
I use this conceptual model and I really like it. Keys can be added or removed very easily from the system. And it's very flexible. A user can be assigned a permission that would be out of the ordinary for their role - and as Hal points out in his article, that tends to happen in real life scenarios fairly often.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jeff Chastain
Sent: Friday, January 21, 2005 3:29 PM
To: [email protected]
Subject: [CFCDev] OO Security

How does one go about building a security framework using an object oriented approach?  The question I am getting at is that 'security' is not an object in the same sense that a user or a document is an object.
 
So, does a user object have an authenticate method that accepts a username and password?  Something about this does not seem right.
 
Along the same lines, does a document object have an authorize method that accepts a user or group to determine if they have access?
 
So, how does one handle security using an object oriented approach?
 
Thanks
-- Jeff
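
The key-ring model described in Nando's message, sketched as an added example that is not part of the original thread or of Hal's article. It is written in Python rather than CFML, and the role names, key names, and the `KeyRing`, `User` and `requires_key` helpers are assumptions made for illustration.

```python
from functools import wraps

# Constructed sample data: the keys each role carries by default.
ROLE_KEYS = {
    "editor": {"document.read", "document.edit"},
    "viewer": {"document.read"},
}

class KeyRing:
    """Set of permission keys held by one user (hypothetical helper)."""

    def __init__(self, role, granted=(), revoked=()):
        # Deny by default: unknown roles get no keys, and a revocation beats a grant.
        self._keys = (set(ROLE_KEYS.get(role, ())) | set(granted)) - set(revoked)

    def has_key(self, key):
        return key in self._keys

class User:
    def __init__(self, name, keyring):
        self.name = name
        self.keyring = keyring

def requires_key(key):
    """Guard a function so only callers holding `key` may run it."""
    def decorator(func):
        @wraps(func)
        def wrapper(user, *args, **kwargs):
            if not user.keyring.has_key(key):
                raise PermissionError(f"{user.name} lacks key {key!r}")
            return func(user, *args, **kwargs)
        return wrapper
    return decorator

@requires_key("document.publish")
def publish_document(user, title):
    return f"{title} published by {user.name}"

def demo():
    # A viewer given one key that is out of the ordinary for the role.
    alice = User("alice", KeyRing("viewer", granted={"document.publish"}))
    bob = User("bob", KeyRing("editor"))
    results = [publish_document(alice, "Q1 report")]
    try:
        publish_document(bob, "Q1 report")
    except PermissionError as exc:
        results.append(str(exc))
    return results
```

The guarded function checks for a key, never for a role, so the per-user exception needs no change to the application code.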
