Lately, everything seems very much based on the SOA doctrine, and I actually think that frameworks such as ZF should indeed use this doctrine: Provide isolated services.
Too many files is not a problem, as long as they are not all included before doing anything, and in this case they wouldn't: you'd only call that which you need.
Just my 0.02
Stefan
On 9/21/06, Shekar C Reddy <[EMAIL PROTECTED]> wrote:
If Access Control seems to cover pretty much everything that Authentication does (and, then some), why not just create a single (Access Control) class covering the overall functionality (and call it, say: Auth)? Too many files - how about latency?Thoughts...?
On 9/21/06, Andries Seutens <[EMAIL PROTECTED] > wrote:Hello all,
After going trough Darby and Gavin's proposal on Authentication I did
some research. I believe that there is more brainstorming to be done.
Authentication is any process by which you verify that someone is who
they claim they are. This usually involves a username and a password,
but can include any other method of demonstrating identity.
Access control hower, is a much more general way of talking about
controlling access to a web resource (very abstract). Access can be
granted or denied based on a *very wide* variety of criteria, such as
the network address of the client, username, password, the time of day,
the phase of the moon, or the browser which the visitor is using.
These techniques are so closely related in most real applications, it is
difficult to talk about them separate from one another. However I think
that it is a pretty big design decision that has to be made. Do we make
a difference between these two, or do we *wrap* them in one class?
I would like to ask for brainstorm time, where we can openly consider
all ideas to help synthesize a final proposal, before further decisions
are made.
Best regards,
Andries Seutens
Belgium
http://andries.systray.be
--
Stefan Koopmanschap
http://www.stefankoopmanschap.nl/
http://www.leftontheweb.com/
