OK, so as some of you know I've started work on a new package to replace identity for TG2. I'm calling this package "authority", though if you have a different suggestion for the name, please feel free to let me know.
I managed to do some work on this over the weekend (I probably should have spent the time on other things...but coding for TG is so much more fun! :) Here's what I've got so far: - a basic middleware piece that intercepts 401s from the main app and performs authentication related tasks - a "scheme" object that represents the way users are authenticated/ authorized (i.e. HTTPBasic, HTTPDigest, FormBased). Users should be able to build a custom scheme without too much trouble. - a "require" decorator that will eventually behave similarly to the TG1 require decorator. It checks the beaker session for auth info stored by the middleware, and either passes the request through to the main app or raises a 401 or 403. Right now this just checks that the user is logged in, but will eventually be able to check against a "condition" like TG1 identity does. - storage objects (not yet done) which will represent how the user credentials, group/permission info are stored - a user object which gets stored in a beaker session that stores auth- related info. custom user object should be possible in future. Once all this infrastructure is in place it should be relatively simple to add new user objects, scheme objects, and storage objects which can be mixed and matched to create whatever kind of auth system is needed. My intention is to have a "TG2" scheme which will closely match the identity API, and I'm hoping that you'll be able to do something like: import authority as identity in your Tg2 apps to make porting TG1 apps simple As of this moment, authority is dependent on webob, beaker (which will probably not change) and pylons (which might be changeable in the future). My goal is to eventually make it framework agnostic, but that may require a small adapter piece for each framework. Right now basic HTTP auth sort of works (doesn't actually check a back end for the password info, just checks that username==password), but I haven't moved forward much on anything else at the moment. I'll try to get the code up someplace in an SVN repos over the next couple of days, so that others can take a look. Please send your thoughts and opinions! Kevin Horn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
