If I remember correctly, the article that Nando has mentioned appeared in CFDJ a few months back. I cannot recall the exact month.

On Fri, 21 Jan 2005 09:34:19 -0600, Jeff Chastain <[EMAIL PROTECTED]> wrote:
> Nando -
>
> This is sounding interesting, however, I am not sure what article of Hal's
> you are referring to. The only one I have seen by him on security was an
> old one back in the FB3 days. What you are talking about sounds like
> something different.
>
> Would you mind posting some more details?
>
> Thanks
> -- Jeff
>
> ________________________________
> From: "Nando" <[EMAIL PROTECTED]>
> Sent: Friday, January 21, 2005 9:09 AM
> To: [email protected]
> Subject: RE: [CFCDev] OO Security
>
>
> I really like Hal's conceptual model of permissions. He has an article on
> his site, I believe, that presents it in terms of a set of keys. Whatever
> their role, users are either given a key or not to use a function in the
> application.
>
> What that becomes then is a PermissionKey set of boolean values, or a
> KeyRing. So rather than the abstract concept Security ... KeyRing is a more
> solid concept to start building an OO model from.
>
> I use this conceptual model and I really like it. Keys can be added or
> removed very easily from the system. And it's very flexible. A user can be
> assigned a permission that would be out of the ordinary for their role - and as
> Hal points out in his article, that tends to happen in real life scenarios
> fairly often.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Jeff Chastain
> Sent: Friday, January 21, 2005 3:29 PM
> To: [email protected]
> Subject: [CFCDev] OO Security
>
> How does one go about building a security framework using an object oriented
> approach? The question I am getting at is that 'security' is not an object
> in the same sense that a user or a document is an object.
>
> So, does a user object have an authenticate method that accepts a username
> and password? Something about this does not seem right.
>
> Along the same lines, does a document object have an authorize method that
> accepts a user or group to determine if they have access?
>
> So, how does one handle security using an object oriented approach?
>
> Thanks
> -- Jeff
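
The key-ring model described in the quoted message, sketched as an added example that is not code from the thread or from Hal's article: a role only seeds a user's ring, individual keys can then be added or removed, and each function checks for its key rather than for a role. The key names, role names and the `requires` helper are assumptions made for illustration, and Python is used only as a neutral language.

```python
import functools

# Constructed sample data: these key and role names are hypothetical.
KNOWN_KEYS = frozenset({"document.read", "document.edit", "document.delete"})
ROLE_KEYS = {
    "reader": {"document.read"},
    "editor": {"document.read", "document.edit"},
}

class PermissionDenied(Exception):
    pass

class KeyRing:
    """The permission keys one user holds; anything not held is denied."""

    def __init__(self, keys=()):
        self._keys = set()
        for key in keys:
            self.add(key)

    @classmethod
    def for_role(cls, role):
        # A role only seeds the ring; an unknown role yields an empty ring.
        return cls(ROLE_KEYS.get(role, ()))

    def add(self, key):
        if key not in KNOWN_KEYS:  # reject typos rather than store a dead key
            raise ValueError(f"unknown permission key: {key}")
        self._keys.add(key)

    def remove(self, key):
        self._keys.discard(key)

    def has(self, key):
        return key in self._keys

def requires(key):
    """Guard a function with one key; the check never looks at the role."""
    def wrap(fn):
        @functools.wraps(fn)
        def guarded(keyring, *args, **kwargs):
            if not keyring.has(key):
                raise PermissionDenied(key)
            return fn(keyring, *args, **kwargs)
        return guarded
    return wrap

@requires("document.delete")
def delete_document(keyring, doc_id):
    return f"deleted {doc_id}"
```

An editor who needs an out-of-role permission gets it with `ring.add("document.delete")` on their own ring, leaving the role definition untouched.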
