> Right, I'm aware of the repoze.who lessons. Authorization is always
> going to be a WSGI framework component ("endware") and not an isolated
> middleware. But there should be some subpart of the API, which allows
> you to share the same authorization information across multiple WSGI
> applications. Or deal with some of the external authorization
> handling, when you offload things to Apache or other SSO approaches.
>
> But I'm not familiar enough with this topic to know what exact subpart
> this is. It might come down to just the userid.
>
> Hanno
> _______________________________________________
> Framework-Team mailing list
> Framework-Team@lists.plone.org
> http://lists.plone.org/mailman/listinfo/framework-team
>
Realistically this is what OAuth[1] already does, so that one doesn't need to concentrate on worrying about the intricacies of passing or sharing that information. PAS could use OAuth to pipe the required data back to Plone. Right now the OpenID stuff is a step in the right direction, but realistically it creates a virtual-like user in Plone. This could possibly be extended whilst I'm doing work on my PLIP ticket with some prototypal code on how it would work.

[1]: http://oauth.net/

--
Christopher Warner
http://cwarner.kernelcode.com