close Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 13 and Version 14 of AuthFramework


Ignore:
Timestamp:
Aug 29, 2008, 3:46:56 PM (13 years ago)
Author:
cmlenz
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • AuthFramework

    v13 v14  
    11= Authentication and Authorization =
    22
    3 Diva includes a simple but flexible subsystem for authentication and authorization.
     3Diva includes a simple but flexible subsystem for authentication and authorization. It enables relatively easy switching between HTTP authentication (such as `Basic` or `Digest` authentication performed by the web server) and form-based authentication, and provides basic primitives to get started with form-based login, while allowing complete customization. Convenience functions for checking authorization to perform certain actions are provided for use in request handlers and other code.
    44
    5 The main goals of this subsystem are:
    6 
    7  * Enable relatively easy switching between HTTP authentication (such as `Basic` or `Digest` authentication performed by the web server) and form-based authentication.
    8  * Provide basic primitives to get started with form-based login, while allowing complete customization.
    9  * Provide convenience functions for checking authorization to perform certain actions.
    10  * No reliance on a specific backend storage for user profiles and credentials.
    11  * No restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need.
    12  * Storage-independent generation and verification of authentication cookies for form-based login.
    13  * Utility functions for generating and verifying encrypted passwords.
    14  * WSGI middleware for using HTTP authentication, primarily in the context of the DevelopmentServer
     5There's no reliance on a specific backend storage for user profiles and credentials, so applications are responsible for dealing with that. There's also no restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need.
    156
    167The subsystem does not provide built-in processes and UI for user registration, activation, password resetting, and other high-level features.