Eelco Hillenius schrieb:
Signin is part of the authentication (not authorization), and I concur
that a web framework should provide hooks for it.
Heh :) Don't agree. Authentication should be seen as part of
authorization. Authorization is the end-means of seeing whether action
x is permitted or not. Authentication is just a possible step to
validate whether client a is who he states he is, and to get clear
what security attributes are coupled to the client (like roles/
principals, etc).
I know that authorization and authentication are intertwined, but while
authorization only makes sense with some kind of authentication,
authentication could be used without authorization: Take a simple
operating system, for example. A user logs on (authenticating himself),
and if the OS doesn't support authorization, he can access any file. If
the OS supports authorization, it will check the owner, group and access
flags, and decide whether the user has access.
In a web app, the part of the application that handles requests is
responsible to authenticate a user (even if it is just for http
sessions). That's why I think that it should support authentication to
some degree, but does not have to support authorization at all.
Not all web sites one may want to build with wicket require complex
model objects that handle authorization. But do they really require
security support from wicket?
Then don't use it. It's just a hook. The hook is built on a more
generic hook too.
We found the need to have a mechanism for authentication that is
supported out of the box, and it has been requested by many users. I
agree a framework should provide for anything and it's mother, but in
this case I think Wicket needed the ability to at least cooperate on
this with other layers of your application.
I guess you ment it should _not_ provide for anything and it's mother?
What I would like to have is a component framework that just
concentrates on component relationships and event handling. A web
framework would extend that component framework. And a convenient web
framework may extend this web framework and provide security support,
versioning, etc.
Timo
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
