I just finished building a plugin for repoze.what that enables
authorization for X509 client certificates. It basically consists of two
predicates (is_issuer and is_subject) which can check for any X509
attribute field. It also has an IIdentifier which returns credentials
according to a specified x509 field.
It still is in alpha, because I'm open to suggestions or any feature you
may want. It has full unit test coverage and I'm making the documentation
(I haven't finished it).
You can see the repository at:
The documentation at: http://readthedocs.org/docs/repozewhat-x509/en/latest/
Repoze-dev mailing list