On 7/14/05, Borislav Sabev <[EMAIL PROTECTED]> wrote:
> I fully agree here, that's why I consider Authorization as a ring that
> intersects all other rings, and this means it depends on each of them.
> But in fact a better metaphor for it is that it is a small ring inside every
> other ring, i.e. not seen as one monolithic ring.

Another word for authorization might be customization. In the case of authorization, we are imposing customization, but many applications have users that wish to customize how the application behaves. They might want to use a different skin, or have a different number of items appear in a result list, or start on a different page of the application.

One way to address customization is to build the notion of a user profile into the application. The user profile can contain the information each ring might require to customize the user experience. We are doing this at work now. If a user agent doesn't already have a profile, the first thing we do is create one. The profile is passed up to the business layer with each business request, and the business commands make some decisions based on the user's profile.

Of course, profiles are not for everyone. You have to store the profile somewhere, and that usually means using session state (if you want it to be secure). Now that we have sticky bits, session isn't the red flag it used to be, but some applications still have to choose between scalability and customization. And, that's what engineering is about: choosing.

-Ted.