On Sunday, Aug 24, 2003, at 08:35 Europe/Rome, Steven Noels wrote:
Stefano Mazzocchi wrote:
If you talk to os kernel folks, they think authentication should happen right at TCP/IP stack level, if you talk to httpd, they will give you an apache module, if you talk to servlet engine folks, they will give you a web.xml descriptor or, if you are lucky, a servlet filter, if you talk to sitemap lovers, they will give you an action.
Out-of-the-blue-thought (and I had way too much wine last night): shouldn't this 'action-in-sitemap' thing be alleviated by an 'orthogonal-to-the-matchers' thing in the sitemap? So that you end up with a section in the sitemap describing the content-generating artefacts, and another one listing the authentication realms, maybe using the same matcher-like constructs describing which portions of the URI space should be protected?
What you are describing is separating the "content-producing artefacts" from "navigational behavior describing semantics".
It's just another way of saying "pipeline" and "flow", respectively.
If you follow that paradigm, you will, pretty soon, understand that the semantics you need to fully describe flow will hardly be easy to write inside the sitemap, then you will end up rewriting what we already have.
I'm having the slight feeling we are moving stuff into flowscript that can mess up good URI practices.
I'm trying hard but I don't see it: rather the opposite. By providing layers of interception, we would be providing a "transparent" way to add AAA around any URL without worrying about making the AAA semantics explicit.
We have, finally, an elegant way to kill the "login" page once and forever. Alas!
One day I hope the anti-flow/pro-action people will simply stop sneaking doubts and come up with real arguments on why we shouldn't heavily bet on the flow.
-- Stefano.
