On Wed, Jul 24, 2013 at 1:17 PM, Mark Janssen <mpc.jans...@gmail.com> wrote:
> Synchronisation and authentication is definitely not a app-level detail > for a DVCS, the actual transport used could be though. > In fossil's case authentication is (currently) largely an app-level detail. The core bits provide the basis of user+password+hashes+roles, but a large portion of (the majority?) of the real auth-related code is very much dependent on HTTP specifics. When running locally, without HTTP, you effectively have no authentication. My point is only that yes, the lib has to provided some basis for this, but much of the auth legwork is (at least currently) happening at a higher level. My current thinking is that, similar to now, the app is responsible for telling the library which user it is acting on behalf of (which is actually only relevant in a minority of cases - those which make db changes). The user ID/object would become part of the parameters/state for any ops which require it (commit, wiki edit, etc.). -- ----- stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
