On Wed, 10 Jul 2002, Pier Fumagalli wrote:
> Dirk, since you're working on a patch for Auth, would it be possible to have
> the groups list somewhere in the request structure? It would be great with
> web applications, where we can match groups with roles (therefore allowing
> authentication to be processed by apache entirely)...

Well - r->user, or any r->credentials are valid there; as they come from the protocol; i.e. are part of the request.

The group information can, depending on protocol, come from more than one source

-> provided with the credentials (e.g. like the 'account' dimension in ftp or your kerberos realm).

-> a user can belong to N groups as returned by an all-knowing auth system when asked.

-> a check if the user was in a list of M groups can have yielded that he was a member of P groups which is a subset of M.

Once you add group; there are other dimensions too; i.e. think of the login.conf resources on BSD, a much more mature framework like that on mainframes, and so on.

So this is perhaps a bit more complex than just that. What is it you would feel as most useful in the web application world - could you elaborate?

Dw.