Hash: SHA1

Tom Hallam wrote:
> I've often wondered about this: Authenticated vs Member.  Member is
> often treated and being equivalent to authenticated: if you can
> authenticate then you are a member.

"Member" is a CMF-level concept, which goes *way* back to its PTK roots.
 In the CMF, authenticated members may get "extra" services provided to
them (e.g., a "home folder"), and may have site-local preferences (e.g,
which skin they use, how many search results to show per batch, etc.) or
properties (contact information, photo, etc).

The membership framework is designed to keep the CMF agnostic of the
underlying user folder implementation.  Note that Plone is *not*
user-folder agnostic;  it needs specific, extra features not provided by
a "stock" user folder;  the users returned are thus more easily confused
with the site's "members".

> There are some use cases that I can think of when you may want to use
> member as something more than just authenticated (eg - they've paid
> their membership) but may not want to stop authentication for non
> members (eg the membership renewal requires authentication).

Some sites don't even require "real" authentication of their members.

> We've got a similar situation for students: we really don't need member
> rights for students but we do need them to authenticate.  We can
> distinguish between students and staff by looking at group membership in
> the LDAP database.  We'd like to be able to assign membership role based
> on group membership
> I don't think that you should automatically assign the member role upon
> authentication.  You may want this to be the default behavior but you
> should be able to override it.

Group -> role bindings *are* likely to be the domain of the user folder,
whether LDAP-based or not.

- --
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


Zope-PAS mailing list

Reply via email to