On Tue, Sep 03, 2002 at 04:36:58PM -0700, Joshua Slive wrote: > Just as a crazy idea: Since you are retaining all the old APIs, shouldn't > it be possible to distribute the current modules as mod_auth_compat and > mod_auth_dbm_compat that users could activate to get all the old > directives?
Eek. Then, it would mean for some components, they would be able to do things two different ways. IMHO, that would only lead to code rot and user confusion. To make it clear, there are two phases to the grand scheme (in my mind): 1) Split the components into auth, authn, or authz. The front-ends (basic, digest) would be under: mod_auth_* Authentication (i.e. you are who you say you are): mod_authn_* Authorization (i.e. you can go where you want to): mod_authz_* 2) Switch to a provider scheme. This allows the code within mod_authn_* and mod_authz_* to be factored out to not be cut-and-pasted duplicates of each other. Each one has slightly different variations on the same code. It's a PITA. And, we can't really do #2 until #1 is done. For phase #1, we shift/rename files - no real gain in functionality here. For phase #2, we shift the APIs around. Phase #2 is where we get our real benefits (i.e. mod_auth_digest being able to be something other than file-backed). I think we can do the first part right now (gets our house in order) and then work out how to do #2. I already have a proof of concept for #2 ready, but Sterling and some others have ideas on features we can add for #2 to make it even better. -- justin
