close
Warning:
Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.
- Timestamp:
-
Aug 4, 2008, 4:48:41 PM (16 years ago)
- Author:
-
cmlenz
- Comment:
-
Some info on the auth branch
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v1
|
v1
|
|
| | 1 | = Framework for Authentication and Authorization = |
| | 2 | |
| | 3 | This page describes an [source:branches/experimental/auth-framework experimental branch] that adds a simple generic auth framework to Diva. |
| | 4 | |
| | 5 | The main goals of this framework are: |
| | 6 | |
| | 7 | * Enable relatively easy switching between HTTP authentication (such as `Basic` or `Digest` authentication performed by the web server) and form-based authentication. |
| | 8 | * Provide convenience functions for checking authorization to perform certain actions. |
| | 9 | * No reliance on a specific backend storage for user profiles and credentials. |
| | 10 | * No restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need. |
| | 11 | * Storage-independent generation and verification of authentication cookies for form-based login. |
| | 12 | |
| | 13 | Possible/peripheral goals: |
| | 14 | |
| | 15 | * WSGI middleware for using `Basic` and `Digest` authentication, primarily in the context of the DevelopmentServer |
| | 16 | |
| | 17 | Non-goals include: |
| | 18 | |
| | 19 | * Built-in processes and UI for user registration, activation, password resetting, and other high-level features. |
