On Jan 14, 2013, at 5:10 PM, Peter Westlake <peter.westl...@pobox.com> wrote:

> The main question left in my mind is about the degree of dependency
> between the checker and the realm if extra information is passed,
> by whatever method. If the realm expects the checker to pass it
> (for instance) an LDAP session, then it's pretty much committed
> to one particular checker. That means abandoning pluggability -
> which admittedly isn't very sensible in that case - and once you
> do that, simply passing back a complex structure as an avatarId
> seems as good a method as any. It's simple, and it works now.
> Likewise Itamar's special-purpose portal suggestion.

The problem is not so much that pluggability is no longer possible if the realm 
requires something that not all checkers can provide, but that the failure mode 
is incoherent.  For example, checkers specify the credential interfaces that 
they can check specifically so that they can be slotted together with a 
protocol seamlessly; if a protocol offers credentials that can't be checked by 
any of the checkers on its portal, it will try not to offer those mechanisms to 
its peer.  Ultimately, if it tries to shove the wrong credentials in, it will 
still get a sensible authentication failure, not a random exception.

This is important because, for example, credentials checkers are pluggable via 
the --auth= option to certain twistd plugins; in the future, hopefully realms 
could be as well.

If the realm could declare what it needed from the avatar ID (or, probably, 
we'd want to call it something other than "ID" if it does more than identify 
the avatar) and it could sensibly report errors when those things were not 
provided, then we could have a mechanism that nicely integrated everything.

(Also, stuff like this is why we use zope.interface - it makes describing the 
way these bits fit together relatively straightforward.)

-glyph

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
