Hey, On Fri, Mar 19, 2010 at 03:21:08PM -0700, Brian Aker wrote: > On Mar 19, 2010, at 10:14 AM, Jay Pipes wrote: > >Well, we already have the Session's SecurityContext object, which > >already contains information on the user, hostname, ip, and password. > >What other user information would be needed for ownership of objects? > > We need a format for credentials which is serialized with an objects > creation. The object? That is great for "in-motion" data, but not > suitable for a serialized format.
I don't think we need to enforce any format for the serialized user identifiers, I think simply using the 'user' in the SecurityContext is sufficient. If this is an OpenID format, sure, but it's fine to be a simple username that was authenticated by PAM/LDAP/... too. Speaking of which, we'll probably want to either remove or change the 'get/setIP' methods in SecurityContext to something more generic (such as get/setSource(), where source can be local console, another thread, ...). For informational purposes, you could log owner as well as client source when they were logged in, but not sure if that would really be useful. -Eric _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
