Pyramid Vs ZTK Security
Pyramid, Zopache, Grok, and ZTK all have different security models.
Pyramid and Grok have security on views. That is a good idea. They implement it differently. Grok has a requires directive used to specify what permission is required, and a rich vocabulary for assigning permissions. Pyramid also specifies the required permission for views, but then it queries the content objects to see if they support that permission. Pyramid objects or classes have an __acl__ attribute. It either holds the permissions for viewing that object, or it is called to return the permissions. So Pyramid ties security to the content class's definition. I prefer the Grok approach.
ZTK also supports security on objects. Grok removes security on objects during traversal. Zopache will also be using security on objects. In ZTK, placing security on objects involves wrapping them in a security proxy. ZTK has two layers of security. zope.security defines a generic security model. Then zope.securitypolicy defines a very Zope 2-like security policy.
zope.securitypolicy lets you allow or deny permissions.
The initial release of Zopache has a simple security model. When you register you get a branch of the tree under you. You can add and edit objects on that branch; others can view them.
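
The __acl__ lookup described for Pyramid, applied to the branch model described for Zopache, as an added example that is not code from Pyramid, Zopache or this post. It is a standard-library model of the check; Node, Branch, permits and the permission names are hypothetical.

```python
# Added illustration: a stdlib-only model of an ACL check in the style the
# post describes for Pyramid. Class and function names are hypothetical.
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"


class Node:
    """A content object in a tree; __parent__ links it to its container."""

    def __init__(self, name, parent=None):
        self.__name__ = name
        self.__parent__ = parent


class Branch(Node):
    """Root of one user's branch: the owner may add and edit, anyone may view."""

    def __init__(self, name, parent, owner):
        super().__init__(name, parent)
        self.owner = owner

    def __acl__(self):
        # Computed per instance, so the ACL is a callable here.
        return [
            (ALLOW, self.owner, ("view", "add", "edit")),
            (ALLOW, EVERYONE, ("view",)),
            (DENY, EVERYONE, ("add", "edit")),
        ]


def permits(context, principals, permission):
    """Walk from context to the root; the first matching ACE decides."""
    node = context
    while node is not None:
        acl = getattr(node, "__acl__", None)
        if callable(acl):
            acl = acl()
        for action, principal, permissions in acl or ():
            if principal in principals and permission in permissions:
                return action == ALLOW
        node = node.__parent__
    return False  # no ACE matched anywhere: deny by default


root = Node("root")
alice_branch = Branch("alice", root, owner="alice")
bob_branch = Branch("bob", root, owner="bob")
page = Node("page", alice_branch)  # no ACL of its own; inherits from the branch
```

The page object carries no ACL, so its answer comes from the enclosing branch, and the root, which has none either, falls through to the default deny.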