Hello, >> I will repeat my question: what additional value is created by >> repoze.who what WSGI can't do? > > repoze.who *is* WSGI. :) Actually it is more. It is WSGI (layer programming?) + Zope (component programming). I just don't get why mix that? Why WSGI is not enough?
> And theoretically it has a lot going for it, > being a "small, sharp tool" (i.e., it tries to do only one thing, and > does it flexibly so it can be used in a wide variety of circumstances, > like Beaker). So I can eventually see it gaining wider adoption among > frameworks (some of which have not been written yet). The complaint > that it's not used by Zope is ridiculous, since it was derived from > Zope. I'm not complaining. I'm just saying that it is not convergence point. Well it is convergence point for WSGI and Component programming, but not for python web frameworks. > The reason repoze.who hasn't made greater gains, I think, is because > it's still more complicated than many people would like. More or less it is OK. As you said yourself AuthKit has the same problem. E.g. repoze.who and AuthKit follows the same pattern on form authentication (cookie plugin + form plugin) while they can use session instead of cookie. repoze.who wins against AuthKit only because it does not try to do authorization. That's not important in our discussion. > The question isn't really "What can repoze.who do that some other WSGI > middleware can't?", but the fact that repoze.who is already written > and has a growing number of plugins. AuthKit is written as well. Has plugins as well. I have demonstrated that you don't need plugins and can write separate middlewares for that. Middleware is WSGI's plugin. Thanks to AuthKit and repoze.who we have plugins with plugins. Sandwich with two layers of butter. Why? Just because "I can"? > That is evidence of some measure of stability and flexibility. It has the same default plugins as AuthKit (that works). OpenID does not work neither on AuthKit nor repoze.who for me. WSGI is flexible and stable as well. > "Groups with roles" goes a long way toward solving the problems of > many complex sites. What other model is there that's more applicable? There is no such model. I'm just saying that it doesn't satisfy everyone. E.g.: 1) user, roles, groups and workflow states. 2) user, roles, groups and context; > What are examples of sites where this kind of model breaks down? E.g. multi-site site where to addition to this model it should authorize by site. -- Dalius http://blog.sandbox.lt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
