On Tuesday 14 August 2007 05:49:36 Felix Schwarz wrote: > Hi Mark, > > Mark Ramm schrieb: > > First, I think Identity has a good syntax for checking authorization, > > and if we can keep that syntax but have a more plugable backend we'll > > be in really good shape. > > Agreed. In the last months I aggregated a feature list I expect from an > 'identity-like' system. Most of them are related to session control and > user db backends so I'm really interested developing 'identity2'. Probably > I can spend some paid time in next month to implement certain key features.
What I'd like more is what I outlined more than one year ago: some mean to change the database user to the user that is logged in the application. Of course this would require that the connection be stablished with a database superuser and that all app users also exists as db users, but then it would make modeling the database safer and would make logging triggers much easier to write, cleaning up a lot of boiler plate code on both sides (app and db). After the operation is completed, then the connection should be reset to the superuser, and then returned to the connection pool. This isn't hard to do if one gets into the right point of the database connection and Identity. I didn't have time to implement that yet, but I remember checking the code some months ago. > Where do you plan to discuss/develop this? Especially if others (e.g. > pylons+co) should join, a TG group may not be the right place. Agreed. > > Second, Authentication and Authorization should probably be split out > > into separate packages. > > While this might be a good idea, we should make using it as easy as > possible: There should be no overhead due to the > authentication/authorization split for small projects. TG should (IMHO) > scale down as much as possible. There's usually the overhead of locating the new package and loading it which happens only on start time and this start time is not at all dependent on the size of the project but on the resources used. I believe that scaling down while keeping the "hooks" we have won't be a problem at all. -- Jorge Godoy <[EMAIL PROTECTED]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
