[Seaside] Implementing RBAC in Seaside
nevin at bountifulbaby.com
Thu Feb 2 22:56:42 CET 2006
Christopher Petrilli wrote:
>Before I start work on this myself, I was wondering if anyone has an
>existing authentication framework that also takes into account
>permissions and roles with objects? It seems to me that Seaside, and
>Smalltalk, are great for this, but I've seen no work done on it.
I experimented with this some years ago. I have always felt that the
proper answer to a question depends on who is asking the question. For
example, if I were to ask what your salary is, or what your credit card
number is, you are likely to give me an entirely different answer than
if your wife asks you the same question. By analogy, this would also
mean that an object's response to a message send should depend on who
the sender is. Right now, Smalltalk just acts like a dumb parrot, and
spews out a response to the message regardless of who sent the message.
Not very intelligent, in my opinion.
The basic idea goes like this: first, use the Unix permissions as a
model (e.g., "OWNER, GROUP, WORLD"). This means each class would have
three groups of messages: (1) a group of messages that are valid if the
sender is the OWNER (I'll define what is meant by OWNER in a minute),
(2) a group of messages that are valid if the sender is in the GROUP,
and (3) a group of messages that are valid if the sender is anyone else
Each class would therefore have three different implementations of each
selector (although some implementations might be empty; e.g.
non-existant), and the correct implementation of a given selector would
be dynamically chosen at runtime, depending on who the sender of the
The OWNER of an object is anybody in a chain of authority over the
object, and is role-specific. Therefore, the OWNER is runtime selected
based on the current role. For example, if you were an instance of
INDIVIDUAL, and you were currently in the role of EMPLOYEE, then your
OWNER is your boss (and his OWNER under that same role would be his
So, if you had an instance of INDIVIDUAL with a role of EMPLOYEE, then
another INDIVIDUAL (i.e., the employee's boss) would be the OWNER.
Thus, if the boss sent the message, your response would be different
than if, say, a customer sent the message.
You could build an entire security model on this. In fact, I did. The
way the system behaved for you would depend entirely on what your role
was, which in turn would depend on what password you provided. Your
password determined your role, which in turn determined the system-wide
behavior, right down to the object level.
It got a little funky, though, where the system didn't always do what I
thought it should. And, in every case, it turned out that it was doing
exactly what it should. It just wasn't particularly easy to debug
without an entire set of tools (debugger, browser, etc.) specifically
supporting these ideas. Consequently, it was too complicated. So, I
I still think it's a good idea, though.
More information about the Seaside