author: Michael Merickel <michael@merickel.org> 2019-09-30 22:23:02 -0500
committer: GitHub <noreply@github.com> 2019-09-30 22:23:02 -0500
commit: 849463d3c2f5ad2c89b3d10a2abce63e4892082d
tree: 5bc507d427d8d2000c59ad7837cc03099decf1b5 /docs/glossary.rst
parent: ada0a977d9190520c21ffaf9500860db2f3a1b3e
parent: cdb26610782176955cd8cfb0b3c3e242ca819f74
Merge pull request #3465 from luhn/security-policy
Security policy implementation
Diffstat (limited to 'docs/glossary.rst')
-rw-r--r-- docs/glossary.rst 29
1 files changed, 22 insertions, 7 deletions
diff --git a/docs/glossary.rst b/docs/glossary.rst
index 8df70f475..2d2595592 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -298,13 +298,20 @@ Glossary
foo` and `group bar`.
userid
- A *userid* is a string used to identify and authenticate
- a real-world user or client. A userid is supplied to an
- :term:`authentication policy` in order to discover the user's
- :term:`principals <principal>`. In the authentication policies which
- :app:`Pyramid` provides, the default behavior returns the user's userid as
- a principal, but this is not strictly necessary in custom policies that
- define their principals differently.
+ A *userid* is the string representation of an :term:`identity`. Just like
+ the identity, it should identify the user associated with the current
+ request. Oftentimes this is the ID of the user object in a database.
+
+ identity
+ An identity is an object identifying the user associated with the
+ current request. The identity can be any object, but should implement a
+ ``__str__`` method that outputs a corresponding :term:`userid`.
+
+ security policy
+ A security policy in :app:`Pyramid` terms is a bit of code which has an
+ API which identifies the user associated with the current request (perhaps
+ via a cookie or ``Authorization`` header) and determines whether or not
+ that user is permitted to access the requested resource.
authorization policy
An authorization policy in :app:`Pyramid` terms is a bit of
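Review bot: in the new "identity" entry, "should implement a ``__str__`` method" does not state a real requirement, because every Python object already has a ``__str__`` and the default one returns a generic object representation, not a user ID. Since the "userid" entry now defines the userid as "the string representation of an :term:`identity`", an identity class that never overrides ``__str__`` would silently produce a userid that does not identify the user. Suggest wording it as a contract: ``str(identity)`` must return a value that is unique and stable for that user. Both entries should also say what the identity and userid are when the request carries no identified user. The rewritten "userid" entry drops the old cross-reference to :term:`principals <principal>`; if principals remain a concept in the glossary, one sentence relating userid to them would keep the entries connected.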
@@ -313,11 +320,19 @@ Glossary
associated with a permission, based on the information found on the
:term:`context` resource.
+ .. deprecated:: 2.0
+ Authorization policies have been deprecated in favor of a
+ :term:`security policy`.
+
authentication policy
An authentication policy in :app:`Pyramid` terms is a bit of
code which has an API which determines the current
:term:`principal` (or principals) associated with a request.
+ .. deprecated:: 2.0
+ Authentication policies have been deprecated in favor of a
+ :term:`security policy`.
+
WSGI
`Web Server Gateway Interface <https://wsgi.readthedocs.io/en/latest/>`_.
This is a Python standard for connecting web applications to web servers,
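Review bot: the two ``.. deprecated:: 2.0`` notes say only that the policy is deprecated "in favor of a :term:`security policy`", which leaves the reader to work out what replaces what. The new "security policy" entry covers both jobs (identifying the user and deciding whether access is permitted), so each note could name the half that takes over: identification for the "authentication policy" entry, the permission decision for the "authorization policy" entry. The "authentication policy" text also still speaks of determining the current :term:`principal`, while the new entries speak of :term:`identity`; a cross-reference in the note would help readers map the old term to the new one.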