On Tuesday 20 November 2001 13:00, Ian Bicking wrote:
> > Here's what I consider the essential aspects of a UserManagement
> > system:
> >
> > * secure authentication mechanism that works with or without
> > cookies
>
> Not included

Does it use cookies by default? If we tied up the discussions from the last few weeks about this issue and chose a mechanism then this would be a moot point.

> > * concept of both users and groups (completely separate from the
> > OS!)
>
> Yes, calls them roles.

Ah, but 'groups' are not the same things as 'roles'. I'm using 'groups' in the traditional unix sense of the term, but with the proviso that a group can belong to other groups. 'roles' are something completely different. A better term for 'roles' is 'actions'. In the context of web publishing, actions could include the following: view, edit, delete, rollback, publish, hide, etc.

example: members of group X are allowed to view object Y, but not edit/delete/etc. it.

From memory, Zope's concept of 'roles' is not what I'm thinking of.

There should also be a catch-all group like 'everybody'.

> > * support for multiple data stores (flat file, BDB, various
> > relational databases, etc.)
> > * ability to tie into existing databases without needing to
> > migrate data (i.e. soft-code the fields used)
>
> It does have flat file and MK -- that implies other stores wouldn't
> be hard

I guess I should take a look at the code.

> > * good logging
>
> This might be incidental to what UserKit actually does -- well, I
> don't think it is meant to *do* anything, only be a way to query
> information (about users) -- logging every query is very noisy.

I just mean at the authentication stage.

> What UserKit could really use is some good examples and docs -- not
> thorough, but more like a map. It didn't seem entirely clear to me
> how it fit together. The code itself seems very compact (all the
> more reason docs are important).

Who's using UserKit??? Chuck, Tom, Geoff? anyone else?

> I think permissions should be considered something of a different
> issue -- ACLs being traditional at this point, but not always
> appropriate. They are closely tied to the system's notion of an
> object and the granularity of permissions.

Permissions (aka authorization) are a layer on top of the authentication system, so maybe we should start there.

I did a whole bunch of this stuff (several thousand lines) in PHP before I got sick of it and moved to Python. I'll see if I still have it sitting around somewhere.
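
The group model described in the message above (groups that can belong to other groups, per-object actions, and a catch-all 'everybody' group), sketched as an added example. This is not code from the original post or from UserKit; every class, method and sample name below is hypothetical.

```python
# Added illustration; names are hypothetical and not UserKit's API.
EVERYBODY = "everybody"  # catch-all group that every user implicitly belongs to


class Directory:
    def __init__(self):
        self.user_groups = {}    # user  -> groups the user is a direct member of
        self.group_parents = {}  # group -> groups that this group belongs to
        self.grants = {}         # (group, object) -> set of allowed actions

    def add_user(self, user, group):
        self.user_groups.setdefault(user, set()).add(group)

    def nest(self, child_group, parent_group):
        self.group_parents.setdefault(child_group, set()).add(parent_group)

    def allow(self, group, obj, *actions):
        self.grants.setdefault((group, obj), set()).update(actions)

    def groups_of(self, user):
        """Every group the user is in, directly or through nested groups."""
        seen = {EVERYBODY}
        stack = list(self.user_groups.get(user, ()))
        while stack:
            group = stack.pop()
            if group not in seen:  # also stops membership cycles from looping
                seen.add(group)
                stack.extend(self.group_parents.get(group, ()))
        return seen

    def is_allowed(self, user, action, obj):
        """Default deny: some group of the user must grant this exact action."""
        return any(action in self.grants.get((g, obj), ())
                   for g in self.groups_of(user))


def build_sample():
    """Constructed sample data: members of 'editors' are also in 'staff'."""
    d = Directory()
    d.add_user("alice", "editors")
    d.add_user("bob", "staff")
    d.nest("editors", "staff")
    d.allow(EVERYBODY, "page-y", "view")
    d.allow("staff", "page-y", "rollback")
    d.allow("editors", "page-y", "edit")
    return d
```

Users and groups are kept in separate maps so that a user name which happens to match a group name cannot inherit that group's memberships.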
