I don't think that's the case. I have a specific requirement on the project I'm currently working on to know who the current user is, even if the something is anonymously accessible.
So you *allow* authorization, and use it, but you don't *require* it.
No. I was to authenticate when credentials are present rather than waiting until authorization is required before starting ot look for authentication credentials...
Perhaps userfolders should have the opportunity to do something as they're traversed through to authenticate, rather than waiting until something that requires authorisation kicks them off?
Any ideas where/how that should be implemented?
Well, I have to say I was really disappointed when I read the W3C specs for response codes. They freely interchange authentication and authorization, which are two totally different concepts :-(
Well, I hope you use of "authorization" after "*allow*" was an accident then ;-)
-- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
_______________________________________________ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders