On 10/4/05, Lethalman <[EMAIL PROTECTED]> wrote:
>
> This AuthMD5 is only a basic-auth authentication, the real MD5 comes
> with digest auth where the client encrypt its data in MD5 too...
>
> However i check for cherrypy and it got multiple models for it but i
> think they're not as good as mine is because:
> 1) MultiAuth is external

What do you mean by "external"? As far as I know, it's a CherryPy
auth/auth scheme, so that's not really external. We'd want to augment
anything that comes from outside to work better with TurboGears, but
as long as the license is compatible anything out there is fair game.

> 2) I found another auth model that uses files, and i think that using
> authentication in a OO mode is better

TurboGears authentication must be able to work with an SQLObject
database, in addition to any other means. There should be a good
out-of-the-box experience for people using all of the TurboGears
parts.

> 3) Did i mismatch what AuthenAutorize means in
> http://www.turbogears.com/community/projects.html? Maybe it means
> "extend already existing authentication/authorization"...

For any project, the goal is the same:

* easy-to-use and handles the common needs in a very simple way
* well-integrated use of the TurboGears parts
* flexible enough to handle relatively common more complex needs
* leveraging as much pre-existing, already tested code as possible
* writing new code to cover the integration and any needs that are
simply not met by code that already exists.

Ideally, the 4th point also means using whole packages so that we can
track changes made in the project it came from.

Authentication and authorization have been done many times before,
even a few times for CherryPy specifically. It seems like a very
likely candidate for gathering ideas and code from other places.

This is not to say that we won't use your auth module, or some of the
ideas you came up with... My point is that *a lot* of work has been
done in webapps to this point, and TurboGears is not a "Not Invented
Here" (http://en.wikipedia.org/wiki/Not_Invented_Here) sort of
project.

> However take care of the opera fix please :)

Committed in r27. Thanks!

Kevin

Reply via email to