Alan Burlison wrote:
> In the first case we'd
> have to add new data to the database for each and every user that needed
> to do code reviews. In the second case, the right we chose to alias
> 'code reviewer' on to actually starts to describe a role rather than a
> right.
<DESIGN-ON-THE-FLY warning>
From a "security" perspective, the second case is fraught with
authorization holes.
Code review or ARC authority or web editing privs based on the existance of
attributes intended to be used for community voting/membership status means
that there is no way to say things like "is an ARC member but is not a
website editor".
This seems like a hardcoded assumption rather than a configurable policy,
and feels shortsighted. Rather, since you already intend to have the
confederation of affiliated sites be controlled and limited, you could
easily include a mechanism (aka LDAP...) whereby each system defined a
set of roles that would indeed be added (as a relation?) to your user/auth
schema.
Thus, the website would add "role=editor", the poll system would add
"role=voter", the ARC system would add "role=member, intern", etc...
and the affiliated sites could ask you to associate a person with one
of their roles (but not with some other site's roles...).
-John
