From e47e7f457a6143dda28f9dd1674c53b1ece67f9d Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sun, 17 Feb 2019 12:23:27 -0800 Subject: Add `security policy` and `identity` to glossary. Also mark authn/authz as deprecatd. --- docs/glossary.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/glossary.rst b/docs/glossary.rst index cd472a660..8a1d27734 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -306,6 +306,16 @@ Glossary a principal, but this is not strictly necessary in custom policies that define their principals differently. + identity + An identity is an opaque identifier of the user associated with the + current request. + + security policy + A security policy in :app:`Pyramid` terms is a bit of code which has an + API which identifies the user associated with the current request (perhaps + via a cookie or ``Authorization`` header) and determines whether or not + that user is permitted to access the requested resource. + authorization policy An authorization policy in :app:`Pyramid` terms is a bit of code which has an API which determines whether or not the @@ -313,11 +323,19 @@ Glossary associated with a permission, based on the information found on the :term:`context` resource. + .. deprecated:: 2.0 + Authorization policies have been deprecated in favor of a + :term:`security policy`. + authentication policy An authentication policy in :app:`Pyramid` terms is a bit of code which has an API which determines the current :term:`principal` (or principals) associated with a request. + .. deprecated:: 2.0 + Authentication policies have been deprecated in favor of a + :term:`security policy`. + WSGI `Web Server Gateway Interface `_. This is a Python standard for connecting web applications to web servers, -- cgit v1.2.3