Hello, Mark. On Saturday August 30, 2008 00:27:29 [EMAIL PROTECTED] wrote: > Well, I'd love it if we could have a stable API for authentication/ > authorizaiton stuff sooner rather than later, but if the timeline for > getting this done is such that we can't get this done in the next week > or two, I think this is what we have to do.
If the API is the only concern, I think we can make it: I don't have any change in mind for the authorization API, only for the way authentication is configured. Then I propose that before supporting more repoze.who plugins, we start by only supporting the current SQL plugin in a plugin-agnostic API: 1.- We should make sure that the _authorization_ API is completely plugin- agnostic. I think it is, but I'm not sure. 2.- Authentication-related code should be copied from tg.ext.repoze.who to the default TG2 template. This is the code that deals with repoze.who directly, where we setup the challengers, identifiers and authenticators. Again, tg.ext.repoze.who would be left in maintenance mode to avoid breaking existing applications, and the new functionality will be developed in tg.authorization. 3.- And, the hard, new and most important part: Define the API for tg.authorization to fetch the groups and permissions data. I suggest that we handle this with repoze.who metadata plugins defined by tg.authorization; we would have to create metadata plugins for the supported backends in repoze.who, being the SQL one the only urgent. I think this is the easiest and most elegant/scalable solution. Somebody has another solution? This way, the upcoming release will ship the new API, although initially only the SQL plugin would be supported. By the way, is this new package going to be part of the core TG (tg.authorization) or a plugin (tg.ext.authorization)? I guess it's going to be a plugin, but I'm asking just in case... Cheers. -- Gustavo Narea. General Secretary. GNU/Linux Matters. http://www.gnulinuxmatters.org/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
