Re: New module - (session/authentication) seeking a name
[EMAIL PROTECTED] wrote: I hadn't heard of AIS before. Sounds like it would make a nice additional authentication method. Part of my TODO is to abstract both the authentication and storage methods. I should be able to add this auth method after that (though, it doesn't offer any group based permissions, so that would still need handled locally). AIS provides an authenticated e-mail address, in one line near the start of a CGI program. I have built several access control lists based on it, setting up group based permissions implies dividing everyone into groups -- something that makes no sense until you know who you have. I looked over AIS::client... there are a lot of exit statements in there, and a lot of hardcoded HTML. It'd be nice if allowed the user of the module to handle those parts, and just supplied the information it would need (the full URL of the AIS server when needed, etc), just a thought. And if it returned some failure condition, it wouldn't have to exit(), and could allow the client to handle those errors. the exits are because the AIS client has to run several times during the initial handshake. It redirects, then exits, both to establish a session cookie and to redirect to the AIS server. When the session is established, it just looks up the identity and returns. The only thing the user sees from the AIS client module is the redirection pages. The AIS server provides the log-in interface. It might be a while before I get the authentication and storage methods abstracted (shouldn't be all that difficult, but it's not on the top of my TODO list right now). When I do, I'll definately look into AIS, and see if I can find similar resources out there. Wonderful. The dot-gnu authentication committee has abstracted authentication methods into a common interface, so if you want to pick up some pre-built wheels instead of reinventing all of them yourself there might be something useful in http://sourceforge.net/projects/macs -- [EMAIL PROTECTED] There's a fine line between participation and mockery -- Scott Adams
Re: New module - (session/authentication) seeking a name
And what does AIS stand for? Or did I miss that. Lincoln On Fri, 2004-05-14 at 19:50, David Nicol wrote: [EMAIL PROTECTED] wrote: I hadn't heard of AIS before. Sounds like it would make a nice additional authentication method. Part of my TODO is to abstract both the authentication and storage methods. I should be able to add this auth method after that (though, it doesn't offer any group based permissions, so that would still need handled locally). AIS provides an authenticated e-mail address, in one line near the start of a CGI program. I have built several access control lists based on it, setting up group based permissions implies dividing everyone into groups -- something that makes no sense until you know who you have. I looked over AIS::client... there are a lot of exit statements in there, and a lot of hardcoded HTML. It'd be nice if allowed the user of the module to handle those parts, and just supplied the information it would need (the full URL of the AIS server when needed, etc), just a thought. And if it returned some failure condition, it wouldn't have to exit(), and could allow the client to handle those errors. the exits are because the AIS client has to run several times during the initial handshake. It redirects, then exits, both to establish a session cookie and to redirect to the AIS server. When the session is established, it just looks up the identity and returns. The only thing the user sees from the AIS client module is the redirection pages. The AIS server provides the log-in interface. It might be a while before I get the authentication and storage methods abstracted (shouldn't be all that difficult, but it's not on the top of my TODO list right now). When I do, I'll definately look into AIS, and see if I can find similar resources out there. Wonderful. The dot-gnu authentication committee has abstracted authentication methods into a common interface, so if you want to pick up some pre-built wheels instead of reinventing all of them yourself there might be something useful in http://sourceforge.net/projects/macs