My main suggestion for now is to be very careful and not over-engineer the user database component. Provide something minimal that fits the bill and has a minimum of security, e.g. basic-auth over localhost, and possibly https.
For now, I think it would be fine as a Django app if that makes things easier, but also remember how much pain we had at the sprint trying to get Postorius and HyperKitty deployed together (how's that coming, by the way?).

OTOH, do the easiest thing that will allow our GSoC students to succeed but that doesn't box us in later. E.g. providing a REST API makes sense, and it's okay if there isn't a fancy UI to change the schema (unless it's easy using Django).

Eventually OAuth is a good idea, and I'm not aware of anything else that fits the bill as well for authenticated scripting of REST APIs. But we probably don't need it for now.

One important requirement is that for any data that is kept in both the core and the user database, we must have a way of keeping them in sync. The easiest way of doing that, I think, is to allow two-way communication between them so that if data changes in the core (e.g. an address gets verified by reply instead of link-click), the core can inform the user database of this event. Eventually, we can think about how the core would just share that information or delegate to the user database, but for now, and for the GSoC students, it's probably overkill.

-Barry