On 1/11/06, Ian Bicking <[EMAIL PROTECTED]> wrote: > > Kevin Dangoor wrote: > > Jeff has designed an identity API that is amazingly user friendly for > > common cases. I would like to brainstorm a bit on how this API might > > be tweaked to use RuleDispatch syntax which would provide more > > flexibility going forward. That brainstorming should be in a separate > > thread. I'd like to do that brainstorming before 0.9, because I'd > > rather not have such a large backwards-incompatible change afterwards. > > If you are thinking about RuleDispatch, you should probably consider > peak.security: http://peak.telecommunity.com/DevCenter/SecurityRules
Yep, I've looked at that. What I go after, design-wise, with TurboGears APIs is that they should be super simple for the common case and, as much as possible, provide a graceful migration path upwards as needs get more complex. That's a tough balancing act, but I also think that doing that well (or at least trying to!) leads to the best possible product. For typical roles/permissions usage applied as needed to various parts of this system, Jeff's API is awfully convenient. But, I think that judicious use of RuleDispatch could make it possible to go beyond the current API without immediately having to jump to a completely custom IdentityProvider. Kevin
