I was talking to Ben on IM earlier today, and I just wanted to bring some of that discussion out in the open and get feedback from the wider community.
I'm also hoping to recruit a few key people who care about this and have good ideas to work on it with us. First, I think Identity has a good syntax for checking authorization, and if we can keep that syntax but have a more plugable backend we'll be in really good shape. Second, Authentication and Authorization should probably be split out into separate packages. To that end, I think we really need a robust authorization system implemented in WSGI middleware, that is usabel by TG, Pylons, raw WSGI apps, and anybody else who wants it. At the moment it looks like AuthKit seems to be the best candidate to become that, but it needs a bit of continuing love to make it into all it could be. Beyond that, I think the identity API is good (well, I'm not sure about the visit tracking stuff, but the rest of it for sure!). And it would be great to have a separate project be started to give that some love and make it work great for both TG and Pylons users. TurboPeakSecurity is another option, that we can consider, but I don't want to make it the default in tg2 just yet. I have two hesitations the first is that it may generate too much API churn right now. But the second more important issue is that it's based on RuleDispatch which doesn't have any clear future support. If PEAK.rules gets to the point where it's a viable replacement which Philip Eby will support, and TPS is moved over to use it instead of RuleDispatch, I'd think that it would be a very viable API that many people would prefer to the current Identity stuff. What do you all think? On 8/8/07, Ken Kuhlman <[EMAIL PROTECTED]> wrote: > On 8/8/07, Mark Ramm <[EMAIL PROTECTED]> wrote: > > > > I'm CCing Pylons-devel list, as the last I heard somebody overthere > > had plans to do some identity like syntax on top of elixir that also > > allowed tying access to particular data in the database. > > Is turbopeaksecurity[1][2] still being considered? When TG 2.0 was > originally being discussed [3], Alberto suggested that identity's > replacement might use authkit for authentication & tps for authorization. > It still seems like a good plan to me.. > > -Ken > > [1] Original TPS announcement, April 2006 : > http://groups.google.com/group/turbogears/browse_frm/thread/bcbac0746978887d > [2] Information regarding a TPS rewrite, April 2007: > http://www.nabble.com/Working-on-an-identity-replacement--t3540544.html > [3] "TG 2.0", Jan 2007: > http://groups.google.com/group/turbogears-trunk/browse_frm/thread/d7bb30e1799c1b02 > > http://trac.toscat.net/TurboPeakSecurity > http://svn.toscat.net/TurboPeakSecurity/trunk > > > > > -- Mark Ramm-Christensen email: mark at compoundthinking dot com blog: www.compoundthinking.com/blog --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
