On 03/26/2012 11:37 PM, David Jeske wrote:
CSLA doesn't currently have any concept of server-auth. The only stateful
features it has are view-preferences and read-state, neither of which are
important enough to require a password. It uses a password-less system
which uses cookies for prefs and a 'read state userid' which a user can
manually set if they want. I like it, because it doesn't require login to
get some basic browsing prefs and features.

Hooking up an auth system would be necessary for some of the editing ideas
in the document I read, or to allow online posting.

So Postorius (the webUI) has a sketch of an auth system using BrowserID at the moment. BrowserID is convenient 'cause it proves you have ownership of a given email address, but we should have OpenID working soon once we've got the code to confirm that a given OpenID can be associated with an email address.

We should do a little thinking about how to make sure that the archives system can make use of the webui authentication. In theory, you could just use the same browserID/etc. and perform authentication again to provide a single sign on with the same tokens, but we can probably do something nicer by sharing the webui django accounts.

 Terri
