<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><title>Ayende @ Rahien</title><link>http://ayende.com</link><description>Ayende @ Rahien</description><copyright>Copyright (C) Ayende Rahien  2004 - 2021 (c) 2026</copyright><ttl>60</ttl><item><title>Stuart C commented on Rhino Security Overview: Part I</title><description>Amazing timing, I have been experimenting with an implementation of your 'vision for an enterprise security infrastructure' you posted about last year and have just arranged with a colleague to review/discuss it. 
  
Great post, where do you find the time?
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment14</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment14</guid><pubDate>Wed, 23 Jan 2008 13:53:27 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Peter,
  
I have a disconnect here, because that is what Rhino Security does.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment13</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment13</guid><pubDate>Tue, 22 Jan 2008 19:21:08 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Robert,
  
Yes, that is the overall idea.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment12</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment12</guid><pubDate>Tue, 22 Jan 2008 19:20:07 GMT</pubDate></item><item><title>Peter Ritchie commented on Rhino Security Overview: Part I</title><description>For me, the security model should only be concerned about permissions.  It should be able to tell the application whether  a user has a permission and the application would tell the security layer to "set" a permission for a particular user/group/role/etc. (as well as management of users and permissions including hierarchy...)  It doesn't need to be concerned about what that permission means to the application, only that that user has it (or wasn't denied it).  The application then maps that permission to a specific ability or action and lets the user perform it if they have the permission.  That model means the concern of application-specific operations isn't mixed into the security model.
  
  
That, of course, doesn't mean what you've defined won't work for Rhino...
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment11</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment11</guid><pubDate>Tue, 22 Jan 2008 19:16:45 GMT</pubDate></item><item><title>Robert M. commented on Rhino Security Overview: Part I</title><description>Let me check if I get it right: you are saying that, instead of having roles considered as collection of permissions, I can replace this concept with another one like: user group called "Salesman" to which I can grant many permissions?
  
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment10</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment10</guid><pubDate>Tue, 22 Jan 2008 19:07:37 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Robert,
  
Yes, there is support for groups of users. 
  
Those can be local groups "Users associated with Northwind" or global "Sales". The difference is conceptual more than anything else.
  
  
The levels are used to resolve ambiguities in the permissions, so you can override a permission with another.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment9</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment9</guid><pubDate>Tue, 22 Jan 2008 18:44:47 GMT</pubDate></item><item><title>Robert M. commented on Rhino Security Overview: Part I</title><description>Ayende,
  
  
Please explain a little bit about security levels... What kind of usage scenarios do they cover?
  
  
How about the mixing of roles and permissions? I usually group my permissions in roles so that the application's administrative burden is a little bit lighter. It would be nice if I grant the user X the role Salesman, then he would have the following list of permissions...etc.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment8</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment8</guid><pubDate>Tue, 22 Jan 2008 18:41:55 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Peter,
  
We _have_ circular dependencies here, with User, for example.
  
  
I think that we need to talk about Operation entity type and Operation instances.
  
Operation entity type is a security concept.
  
Operation instances are domain concepts.
  
  
So "/Printing" is a domain concept, but the idea of operation itself is part of the security infrastructure.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment7</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment7</guid><pubDate>Tue, 22 Jan 2008 18:38:25 GMT</pubDate></item><item><title>Peter Ritchie commented on Rhino Security Overview: Part I</title><description>I'm reading "that you are performing" as something the user would be performing, not the programmer.  That to me seems like application behaviour that would be tied (at least sometimes) to the domain.  e.g. the operation of "printing": a user may or may not have the permission to print; but "printing" would be a domain concept--some domains deal with printing, some do not.  A "permission" would be a security concept.  i.e. I don't see the need for the security model to know anything about an operation (as described above), the security layer would define who would have what permission and the application/domain would then decide whether or not it can invoke an operation based on the user's permissions.
  
  
Would the application/domain ask the security model if a user has a particular permission, or would you ask the security model if they are able to perform a printing operation?  The latter requires that the security model knows about "printing"--a circular dependency, the security model needs to know about domain concepts and the domain relies upon the security model for domain concepts (and permission management).
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment6</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment6</guid><pubDate>Tue, 22 Jan 2008 18:13:02 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Check out the "How to build.txt" file, you need to run the build from the command line first.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment5</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment5</guid><pubDate>Tue, 22 Jan 2008 17:22:21 GMT</pubDate></item><item><title>l0t3k commented on Rhino Security Overview: Part I</title><description>Oren,
  
I anxiously want to give it a spin, but I'm having an issue building rhino-tools from the IDE (complaints about missing AssemblyInfo.cs when I try building rhino commons). 
  
  
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment4</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment4</guid><pubDate>Tue, 22 Jan 2008 17:18:03 GMT</pubDate></item><item><title>Ayende Rahien commented on Rhino Security Overview: Part I</title><description>Peter,
  
Operation is a security concept, not a domain concept. It is the operation that you are performing that you get permission for.
  
I have rarely seen it as a first class entity in projects, when it appeared, it was usually in the security module anyway.
  
  
Can you give an example of when this is part of the domain?
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment3</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment3</guid><pubDate>Tue, 22 Jan 2008 17:14:18 GMT</pubDate></item><item><title>Peter Ritchie commented on Rhino Security Overview: Part I</title><description>I'm curious, why is the Operation part of the security model?  That seems more application or domain specific.
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment2</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment2</guid><pubDate>Tue, 22 Jan 2008 15:46:42 GMT</pubDate></item><item><title>Jonathan commented on Rhino Security Overview: Part I</title><description>Very interesting! I would like to see code samples!
</description><link>http://ayende.com/3109/rhino-security-overview-part-i#comment1</link><guid>http://ayende.com/3109/rhino-security-overview-part-i#comment1</guid><pubDate>Tue, 22 Jan 2008 14:47:45 GMT</pubDate></item></channel></rss>