[TYPO3-ect] Solutions for rights management
Sven Wilhelm
wilhelm at icecrash.com
Tue Jan 10 23:20:28 CET 2006
Nice to be called a theoretician, though more often it's called Software
Engineer ;)
> the system of users and groups to control access to resources in FE and BE is
> limited and works differently. It doesn't suffice for more complex editor teams.
>
> Extensions point in different directions for solutions. I have discovered at
> least 3:
>
> * implementation of roles
> * connecting to LDAP
> * ACL lists
later in my posting.
> What do you think is the most promising direction?
> How do other projects solve this?
> Is there anybody who has deeper academic knowledge in this field?
> Is there anybody with profound professional experience in this?
I don't know if I can call myself a professional, but I know of different
concepts that solve this in different ways.
The global topic for all that stuff is Authentication, Authorization and
Accounting (the famous triple A). Something special in TYPO3 is the
complete splitting of backend and frontend stuff. Other systems use
different views therefore.
The best solution (in my mind) is to implement a system like PAM (pluggable
authentication modules, used in Linux and Solaris). It allows you to
have different backends for the different kinds of information. At the least,
you must therefore enforce an API that MUST be used by all
extensions.
In my mind it is at least necessary to reduce the number of possible
configuration settings for content/page elements, module access, ...
No system is able to do a good job if you want to configure how the
last attribute is accessible to person xyz.
For security reasons, and to be able to implement a clean solution, an
extremely object-oriented system must be designed.
What objects are used?
-> User (specification)
-> Group (specification)
-> Role (specification)
-> Permission (specification)
-> ACL Entry (specification)
From LDAP you can get inspired by the way information is stored. They
do not extend the entries in a wild style (simply adding a table column)
but by defining object classes (person, inetOrgPerson, ...).
A nice thing to adopt.
So far first,
kind regards Sven
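
The design described in the message above (one API that all extensions call, with pluggable backends in the PAM style, built on user, group, role, permission and ACL-entry objects), as an added sketch; it is not part of the original post and not TYPO3 code. The class and field names, the allow/deny/abstain contract, the deny-overrides rule and the sample data are assumptions made for illustration.

```python
from collections import namedtuple

# The objects the message lists; field names are assumptions of this sketch.
User = namedtuple("User", "name groups roles")
AclEntry = namedtuple("AclEntry", "kind principal resource permission allow")

# Backend contract (assumed): decide() returns True (allow),
# False (explicit deny) or None (no opinion).
class RoleBackend:
    def __init__(self, role_permissions):        # role name -> set of permissions
        self.role_permissions = role_permissions

    def decide(self, user, resource, permission):
        hit = any(permission in self.role_permissions.get(r, ()) for r in user.roles)
        return True if hit else None

class AclBackend:
    def __init__(self, entries):
        self.entries = entries

    def decide(self, user, resource, permission):
        verdict = None
        for e in self.entries:
            match = e.principal == user.name if e.kind == "user" else e.principal in user.groups
            if match and (e.resource, e.permission) == (resource, permission):
                if not e.allow:
                    return False                 # explicit deny wins inside the ACL
                verdict = True
        return verdict

class AccessManager:
    """The one API every extension calls; backends plug in behind it."""
    def __init__(self, backends):
        self.backends = list(backends)

    def is_allowed(self, user, resource, permission):
        verdicts = [b.decide(user, resource, permission) for b in self.backends]
        if any(v is False for v in verdicts):    # a deny from any backend is final
            return False
        return any(v is True for v in verdicts)  # all abstain -> default deny

# Constructed sample data: an editor role that may edit, and a group ACL
# entry that denies editing of one specific page.
EDITOR = User("anna", frozenset({"news-team"}), frozenset({"editor"}))
MANAGER = AccessManager([
    RoleBackend({"editor": {"edit"}}),
    AclBackend([AclEntry("group", "news-team", "page:42", "edit", False)]),
])
```

Because extensions only ever call `is_allowed`, a directory-backed backend could be added to the list without touching them, and a request no backend knows about is refused rather than granted.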