I lack the expertise to judge the relative merits of subtly different authentication/authorization strategies vis a vis Pylons. I do know, however, that, as a Pylons "end user", I need a fundamentally sound and practical authentication/authorization mechanism, and it's the last thing I want to have to think much about.
Unfortunately, I can confirm that the AuthKit documentation situation is appalling. I spent hours sifting through the obsolete "Pylons book" chapters, their comments, the source code, and the cookbook documents before getting AuthKit running. The enraging thing is that afterwards I realized that setting up AuthKit is actually quite easy! There's relatively little to it! Yet the documentation turns it into this monolithic, impenetrable thing. This is NO WAY to attract new users (and eventual contributors) to Pylons! Fundamental stuff like this has to be fundamentally EASY, or people are going to look elsewhere.

It seems to me that AuthKit may have a few warts:

1) The "one group per user" limitation seems to be irritating people. I don't personally care, because all I need are roles, and I can't help but wonder if the people who are complaining about user groups really need the groups or if they're just confused about the distinction because the documentation is such a disaster.

2) Some of the authentication plug-ins may be under-developed. Some people here are saying the OpenID stuff doesn't work very well. I don't know a thing about it, but I see that OpenID is getting pretty pervasive, so it will probably be increasingly critical to would-be Pylons adopters.

3) The options for how log-in screens are presented with AuthKit seem too constricted or inelegant for some people. I'm just starting to look into this myself, but I have no opinion, yet. I will say that it's something that should just happen "out of the box" and it should be darn easy to customize.

That several different parties have initiated their own parallel authentication kits for Pylons while nobody can be bothered to put a few hours into updating and completing AuthKit's documentation is really disconcerting. It does not say that Pylons is a flexible platform with a wealth of options. It says Pylons is a fragmentary, incomplete, incoherent platform that can only get you part of the way there.
I'm a refugee from an old python framework--Webware for Python--that was rife with derelict components from the get-go. It just looked terrible. It was embarrassing. There were consequences: the community waned far more than it waxed. I just got serious about Pylons. I think it does a lot of things right, apparently with much credit due Ian Bicking. I apologize for dropping this rant into this thread, but I want to emphasize how big a problem this is for Pylons. If I could just volunteer to "address the problem", I would, but I'm just not qualified yet. About all I can do is write up my own experiences with AuthKit and post them somewhere if I can find an appropriate place for them. Perhaps I will. Meanwhile, I hope some more shakes out soon on this thread, because this dialogue is really really important.