[Pmwiki-users] Easily Hackable?

Eric Celeste efc
Sat Apr 3 23:17:36 CST 2004


> ... but then hand-wave the issue of mapping user identity to allowable
> actions as being a trivially or already solved problem, which it's not.

So true.

PmWiki is a long way from this, but I'll put it on the table anyway...

I think authorization really has been done best when it includes both groups
(of users) and hierarchy. My favorite model has been AFS, which applies
rights to directories rather than files. In PmWiki's world, this would be
similar to binding the rights to the groups (of pages) rather than to the
files. In a way, this is a cousin of the "all-or-nothing" approach, but not
quite so easy to solve. The need for page-level control fades if you allow
groups to have a hierarchy (groups (of groups (of groups (of pages)))).

Of course, this plays havoc with syntax, since you need to allow for
arbitrary numbers of dots (group.subgroup.subsubgroup.page) or slashes
(ThisWiki:/group/subgroup/subsubgroup/page), but it can make for a very
elegant result. 

Allowing users to be grouped as well (gee, we'd need another word for that,
wouldn't we, since PmWiki already uses groups for pages) makes it easier to
manage the assignment of rights to many users, especially if those groups
(of users) can also be hierarchical (groups (of groups (of users))).

That would all be quite a lot to bite off right now, but that would be a nice
direction to aim. It would be great if the early developments around
authorization could be designed in such a way that they didn't preclude
inserting groups and hierarchy down the road.

For now, our group has accepted the shared secret approach of the current
PmWiki. We'll see how long that holds up!

...Eric
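
The model described in the message above, as an added sketch that is not part of the original post and is not PmWiki code: rights are bound to hierarchical page groups, and user groups may nest. The names, the sample data, and the rules "the nearest enclosing page group with an ACL decides" and "deny when no ACL applies" are assumptions made for illustration.

```python
from typing import Dict, Optional, Set

# Constructed sample data. A user group may list users or other user
# groups as members.
MEMBERS: Dict[str, Set[str]] = {
    "staff": {"alice", "editors"},
    "editors": {"bob", "interns"},
    "interns": {"carol", "editors"},  # deliberate cycle; must still terminate
}

# Rights are bound to page groups, never to single pages. "*" is any user.
ACLS: Dict[str, Dict[str, Set[str]]] = {
    "Main": {"staff": {"read", "edit"}, "*": {"read"}},
    "Main.Drafts": {"editors": {"read", "edit"}},
    "Main.Drafts.Legal": {"alice": {"read", "edit"}},
}

def principals(user: str) -> Set[str]:
    """The user, the wildcard, and every user group reached transitively."""
    found = {user, "*"}
    changed = True
    while changed:  # fixed-point iteration, so membership cycles are harmless
        changed = False
        for group, members in MEMBERS.items():
            if group not in found and members & found:
                found.add(group)
                changed = True
    return found

def governing_group(page: str) -> Optional[str]:
    """Nearest enclosing page group (group.subgroup...page) with an ACL."""
    parts = page.split(".")[:-1]  # drop the page name itself
    while parts:
        name = ".".join(parts)
        if name in ACLS:
            return name
        parts.pop()
    return None

def allowed(user: str, action: str, page: str) -> bool:
    group = governing_group(page)
    if group is None:
        return False  # no ACL anywhere up the hierarchy: deny by default
    who = principals(user)
    return any(action in rights
               for name, rights in ACLS[group].items() if name in who)
```

Because the nearest ACL replaces rather than merges with its ancestors, alice can edit pages directly under Main but not under Main.Drafts, even though she is in staff.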



