Zope

The original Python web application server - foundation for Plone and inspiration for Guillotina.

The original

Zope is the original open source web application server written in Python, featuring a component architecture and an object-oriented, hierarchical data model. With Zope you get a clean separation of data, logic and presentation, a large variety of built-in objects and a powerful security model. These features combine to let developers focus on their problem domain instead of having to implement basic services.

Zope was invented in 1996 by Jim Fulton, after he had taught a class on CGI programming - Common Gateway Interface, the go-to way to create dynamic websites at the time. On the plane ride home after teaching the class, Jim considered what he didn't like about CGI and wrote the core components of what would become Zope.

Jim's company went on to develop a commercial application server called Principia based on these components. In 1998 Principia was open sourced and the Zope community was born.

Zope is the foundation of Plone, and a major reason Plone has an excellent security record. Zope also served as one of the inspirations for Guillotina.

Traversal, Templating, and More

The foundational components Jim invented in 1996 are still in use today.

  • A web publishing facility based on the concept of traversing a hierarchy of objects
  • A templating engine that combines templates with data to produce HTML
  • An object database supporting atomic transactions, garbage collection, and binary large objects - the ZODB (Zope Object Database)

In the late 90's and early 2000's the Zope community produced a number of additional components which are key elements of Plone.

  • The Content Management Framework providing services and content objects for building dynamic, content-oriented websites - CMF
  • The Zope Component Architecture providing facilities for defining, registering and looking up components, perfect for building applications based on loosely coupled components - ZCA

Security

The integrated security architecture uses the concepts of users, roles and permissions to allow fine-grained access control down to the level of individual content objects, their attributes and methods. The vulnerability track record is tangible proof of the concepts and implementation: As of October 2020 the NIST National Vulnerability Database lists just 43 Zope vulnerability reports over its 21 year history compared to 523 for Typo3, 1083 for Drupal, 3000 for Wordpress, 5671 for Java  and 28,290 for PHP.

Extensibility

The Zope community has created a large library of Zope extensions that provide building blocks for all application needs.

Learn More!

Zope is still in use today and being actively developed. Read the Zope Book , the Zope Developer's Guide, or visit the main Zope documentation site.