Lennart Regebro wrote:
I don't think that's the case. I have a specific requirement on the
project I'm currently working on to know who the current user is, even
if the something is anonymously accessible.

So you *allow* authorization, and use it, but you don't *require* it.

No. I was to authenticate when credentials are present rather than waiting until authorization is required before starting ot look for authentication credentials...

Perhaps userfolders should have the opportunity to do something as
they're traversed through to authenticate, rather than waiting until
something that requires authorisation kicks them off?

Sounds reasonable.

Any ideas where/how that should be implemented?

Well, I have to say I was really disappointed when I read the W3C specs
for response codes. They freely interchange authentication and
authorization, which are two totally different concepts :-(


Well, I hope you use of "authorization" after "*allow*" was an accident then ;-)



Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

Zope-Coders mailing list

Reply via email to