On Mon, Dec 05, 2005 at 11:10:20PM +0100, Joost de Heer wrote: > Perhaps 'AUTH_NEGATIVE'? That implies that the authorisation check gave a > negative answer, and the reason for it (unable to authorise because this > user can't be authorised with this provider, or the provider said 'no, this > user isn't authorised', or...) is irrelevant.
That's why I'm claiming that having only one real 'negative' return value (AUTHZ_DENIED) makes sense. -- justin