ACL / RBAC

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ACL / RBAC

Simon Walter
Hi all,

Having used ZF1's ACL component quite a bit, I'm wondering if any such
component is planed for ZF2. I did some reading, and it seems that Zend_ACL is
more RBAC than ACL. I like the flexibility Zend_ACL offers. However, some
people (on their blogs etc) contend that RBAC > ACL because RBAC is concerned
with a persons role while ACL is concerned with a persons identity. Because of
inheritance, Zend_ACL can also be used in the same way as RBAC it seems.

I'm not familiar with the formal definition of either concepts. When Zend_ACL
was written, was it strictly "ACL" or "RBAC" or a mix of both?

Can someone shed some light on this?

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: ACL / RBAC

keith Pope-4
On 25 November 2011 06:03, Simon Walter <[hidden email]> wrote:

> Hi all,
>
> Having used ZF1's ACL component quite a bit, I'm wondering if any such
> component is planed for ZF2. I did some reading, and it seems that Zend_ACL is
> more RBAC than ACL. I like the flexibility Zend_ACL offers. However, some
> people (on their blogs etc) contend that RBAC > ACL because RBAC is concerned
> with a persons role while ACL is concerned with a persons identity. Because of
> inheritance, Zend_ACL can also be used in the same way as RBAC it seems.
>
> I'm not familiar with the formal definition of either concepts. When Zend_ACL
> was written, was it strictly "ACL" or "RBAC" or a mix of both?
>
> Can someone shed some light on this?

From what I have read ACL will be ported/refactored into zf2 and then
RBAC would be a separate component.

>
> --
> List: [hidden email]
> Info: http://framework.zend.com/archives
> Unsubscribe: [hidden email]
>
>
>



--
------------
http://www.thepopeisdead.com

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: ACL / RBAC

weierophinney
Administrator
-- keith Pope <[hidden email]> wrote
(on Friday, 25 November 2011, 10:58 AM +0000):

> On 25 November 2011 06:03, Simon Walter <[hidden email]> wrote:
> > Having used ZF1's ACL component quite a bit, I'm wondering if any such
> > component is planed for ZF2. I did some reading, and it seems that Zend_ACL is
> > more RBAC than ACL. I like the flexibility Zend_ACL offers. However, some
> > people (on their blogs etc) contend that RBAC > ACL because RBAC is concerned
> > with a persons role while ACL is concerned with a persons identity. Because of
> > inheritance, Zend_ACL can also be used in the same way as RBAC it seems.
> >
> > I'm not familiar with the formal definition of either concepts. When Zend_ACL
> > was written, was it strictly "ACL" or "RBAC" or a mix of both?
> >
> > Can someone shed some light on this?
>
> From what I have read ACL will be ported/refactored into zf2 and then
> RBAC would be a separate component.

Zend\Acl is already ported into ZF2; it was one of the early ones.

We discussed this during an IRC meeting:

    http://framework.zend.com/wiki/display/ZFDEV2/2011-10-26+Meeting+Log

The consensus is that with very few changes, most of which would be to
take advantage of PHP 5.3 features (particularly SPL data structures),
we'd likely have a full-blown RBAC implementation anyways.

--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: ACL / RBAC

Boris Murashin
28.11.2011 18:29, Matthew Weier O'Phinney пишет:

> -- keith Pope<[hidden email]>  wrote
> (on Friday, 25 November 2011, 10:58 AM +0000):
>> On 25 November 2011 06:03, Simon Walter<[hidden email]>  wrote:
>>> Having used ZF1's ACL component quite a bit, I'm wondering if any such
>>> component is planed for ZF2. I did some reading, and it seems that Zend_ACL is
>>> more RBAC than ACL. I like the flexibility Zend_ACL offers. However, some
>>> people (on their blogs etc) contend that RBAC>  ACL because RBAC is concerned
>>> with a persons role while ACL is concerned with a persons identity. Because of
>>> inheritance, Zend_ACL can also be used in the same way as RBAC it seems.
>>>
>>> I'm not familiar with the formal definition of either concepts. When Zend_ACL
>>> was written, was it strictly "ACL" or "RBAC" or a mix of both?
>>>
>>> Can someone shed some light on this?
>>  From what I have read ACL will be ported/refactored into zf2 and then
>> RBAC would be a separate component.
> Zend\Acl is already ported into ZF2; it was one of the early ones.
>
> We discussed this during an IRC meeting:
>
>      http://framework.zend.com/wiki/display/ZFDEV2/2011-10-26+Meeting+Log
>
> The consensus is that with very few changes, most of which would be to
> take advantage of PHP 5.3 features (particularly SPL data structures),
> we'd likely have a full-blown RBAC implementation anyways.
>
Is RecursiveIterator one of SPL structures for Zend\ACL? I concerned
about traversing performance - that's at least 3 function calls for
every node: next(), valid(), hasChildren(). I had real performance
issues with Zend_Navigation_Container (ZF1) after adding 300+ pages in
it. Wouldn't same harm ACL?

P.S. Any plans when development reaches Zend\Navigation\Container? I
have more feedback on it.

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]