> We have similar issues. We are using NT for username and
> password auth.

<rant>

One of the things that always bothered me about Turbine's user system is that it tries to do too much. It certainly looks like it is geared towards Internet apps, where users can create their own accounts. However, I really believe that for the general case (which is what Turbine should tackle), things like e-mail address, etc. are too much; in this case, less is better.

So, I concur with previous posters in claiming that Turbine's user system should tackle one and only one objective: a rational way of providing security management. I would like to see a user system based on VERY SIMPLE interfaces, using opaque ids, and pliable enough to allow using it as the front end for various real-world back-ends (Windows NT security, LDAP, DB, YP, whatever). I'm thinking of the following abstractions (interfaces):

* User:
    id
    validatePassword(password)
    changePassword(password)
    hasPermission(permission)
    hasAnyPermission(permissionList)
    hasAllPermissions(permissionList)

* Permission:
    id

* Role:
    id

* Application (or Realm, or System, what today is Role):
    id

* The following relationships:
    Role_Permission
    User_Role_Application

* No additional data in any of the objects.

* A REALLY EASY and WELL DOCUMENTED way of extending a default Turbine implementation of these concepts, so that more data could be added to the objects (e-mail, whatever).

* (Maybe the same as previous) An easy way of mixing Turbine's user system with existing systems (NT, LDAP, whatnot).

</rant>

To put my money next to what I'm saying here, I am willing to cooperate in designing, implementing, testing, etc. such a system, if we agree this is a good idea.

--
Gonzalo A. Diethelm
[EMAIL PROTECTED]
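A sketch of the abstractions listed in the message above, added here as an illustration; it is not code from the message or from Turbine. It assumes Java 16+, an in-memory relationship table, and that a User is bound to one application when permissions are checked; Authenticator, Grants, UserApp and all ids are hypothetical or constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added sketch (Java 16+); every name not in the message is hypothetical.
public class UserSystemSketch {
    /** Pluggable back-end (NT, LDAP, DB, ...): the only place credentials are known. */
    interface Authenticator { boolean validate(String userId, byte[] password); }
    record UserApp(String userId, String applicationId) {}

    /** The two relationships from the message, holding opaque ids and nothing else. */
    static final class Grants {
        private final Map<String, Set<String>> rolePermission = new HashMap<>();
        private final Map<UserApp, Set<String>> userRoleApplication = new HashMap<>();
        void grant(String role, String permission) {
            rolePermission.computeIfAbsent(role, k -> new HashSet<>()).add(permission);
        }
        void assign(String user, String role, String application) {
            userRoleApplication.computeIfAbsent(new UserApp(user, application),
                                                k -> new HashSet<>()).add(role);
        }
        Set<String> permissions(String user, String application) {
            Set<String> out = new HashSet<>();
            for (String role : userRoleApplication.getOrDefault(new UserApp(user, application), Set.of()))
                out.addAll(rolePermission.getOrDefault(role, Set.of()));
            return out;   // empty when nothing was assigned: deny by default
        }
    }

    /** User as listed in the message, bound to one application (an assumption). */
    record User(String id, String applicationId, Grants grants, Authenticator backend) {
        boolean validatePassword(byte[] pw) { return backend.validate(id, pw); }
        boolean hasPermission(String p) { return grants.permissions(id, applicationId).contains(p); }
        boolean hasAnyPermission(Collection<String> ps) { return ps.stream().anyMatch(this::hasPermission); }
        // Design choice of this sketch: an empty list is refused, not vacuously true.
        boolean hasAllPermissions(Collection<String> ps) {
            return !ps.isEmpty() && grants.permissions(id, applicationId).containsAll(ps);
        }
    }

    public static void main(String[] args) {
        Grants g = new Grants();
        g.grant("r-editor", "p-read");
        g.grant("r-editor", "p-write");
        g.assign("u-17", "r-editor", "app-wiki");                  // constructed ids
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        Authenticator stub = (id, pw) -> id.equals("u-17") && MessageDigest.isEqual(secret, pw);
        User wiki = new User("u-17", "app-wiki", g, stub);
        User shop = new User("u-17", "app-shop", g, stub);         // same user, other application
        System.out.println(wiki.hasAllPermissions(List.of("p-read", "p-write")) + " " + shop.hasPermission("p-read"));
        System.out.println(wiki.hasAllPermissions(List.of()) + " " + wiki.validatePassword(secret));
    }
}
```

The role assigned in one application grants nothing in another, which is the point of keying the relationship on User_Role_Application rather than on the user alone.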
