> I would agree. You are choosing to give users attributes that have a hierarchy. You can do so, but you don't have to. (In many cases, it is beneficial not to do so).

What do you agree about? The flexibility I choose to offer? What's not beneficial?

> Here, you are giving permissions to a *user*, when in reality, it is more likely that they have *roles*.

If you re-read, you will see that's exactly what I said, only different wording...I used *groups* instead of *roles*

> Most compliance regulations suggest/encourage/require-by-law that you give groups ("roles") the permissions, and users are made to be "members" of that group.

I was unaware of any legal issues...

> In that sense, it's not hierarchical. A user has a password, and a role. Another user has a password, and a role. Those roles may be related, but they are not (necessarily) hierarchical.

Bzzzzzt...
I think you fell off the bus
A role is hierarchical by its very nature...what are you talking about?
Think about it...your authorization roles are reflecting the exact *structure* of your organization...
A company's CEO is not in line with a Janitor...he/she is the end all be all...thee who makes executive decisions...Sure you can have non-hierarchical relationships...for example, two managers which fall under the same *role* or title...in which case they become siblings and do NOT share any parent/child relationship...however they still fit well into a hierarchical structure...if your system only requires linear *roles* then it's either poorly designed, very trivial or not going to be very extensible...

> RDBMS are pretty much ideal for storing user data in every way.

Ahh grasshopper...much to learn...they are NOT ideal, in fact they are already antiquated in terms of efficacy and efficiency (in some ways)...the only reason object databases haven't taken off...I imagine...is twofold:
1) Programmer naivety
2) Backwards support (legacy systems/porting issues)
http://www.kuro5hin.org/?op=displaystor ... 2853/11281
> Windows handles users and roles this way, as does unix, and most other OS's. I've very rarely seen a truly hierarchical user system, which is why your comment confuses me.

Are you sure about that? I'm thinking Windows & Linux have the capability to select your data store...via an abstraction layer, like PAM or PEAR Auth, etc...
I know Windows has its own version of LDAP appropriately called: Active Directory
http://en.wikipedia.org/wiki/Active_Directory
And on Linux or any other OS you could use LDAP to do exactly as I have said...only not with XML...still both support structure by nature...this is not just the interface either, I'm willing to bet like a DOM, they are implemented using trees not arrays or vectors...which at the implementation level speeds code up not down. Linear storage man...jesus...that's so last year
From the sounds of things, it looks like what I've suggested is already being considered, but using XML:
http://xml.coverpages.org/saml.html
Still not convinced? Here is some more reading...
http://www.microsoft.com/technet/itsolu ... wsdsu.mspx
Cheers
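
An added example, not part of the original post: the two models argued over in this thread, side by side. Permissions are granted to roles and users are only members of roles; with `hierarchical=True` a role also inherits from every role beneath it in the tree, while sibling roles share nothing. All role names, users and permissions are constructed for illustration.

```python
# Constructed sample data: role names, users and permissions are hypothetical.
ROLE_PARENT = {          # child role -> the role directly above it
    "manager_ops": "ceo",
    "manager_it": "ceo",
    "janitor": "manager_ops",
    "sysadmin": "manager_it",
}
ROLE_PERMS = {           # permissions are granted to roles, never to users
    "ceo": {"approve_budget"},
    "manager_ops": {"schedule_shifts"},
    "manager_it": {"create_account"},
    "janitor": {"open_supply_room"},
    "sysadmin": {"reset_password"},
}
USER_ROLES = {"alice": {"ceo"}, "bob": {"manager_ops"}, "carol": {"sysadmin"}}


def descendants(role, parent_of):
    """Return the role itself plus every role below it in the tree."""
    children = {}
    for child, parent in parent_of.items():
        children.setdefault(parent, []).append(child)
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # guards against a misconfigured cycle
        seen.add(current)
        stack.extend(children.get(current, []))
    return seen


def effective_permissions(user, hierarchical=True):
    """Union of permissions for the user's roles (flat) or role subtrees."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        scope = descendants(role, ROLE_PARENT) if hierarchical else {role}
        for member in scope:
            perms |= ROLE_PERMS.get(member, set())
    return perms


def is_allowed(user, permission, hierarchical=True):
    """Default deny: unknown users and ungranted permissions return False."""
    return permission in effective_permissions(user, hierarchical)
```

In the hierarchical model the top role accumulates every permission beneath it, so a compromise of that one account reaches everything; the flat model keeps each role's grant explicit and auditable.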