- Timestamp: Aug 29, 2008, 3:46:56 PM (16 years ago)
- Author: cmlenz
- Comment: --
v13
|
v14
|
|
1 | 1 | = Authentication and Authorization = |
2 | 2 | |
3 | | Diva includes a simple but flexible subsystem for authentication and authorization. |
| 3 | Diva includes a simple but flexible subsystem for authentication and authorization. It enables relatively easy switching between HTTP authentication (such as `Basic` or `Digest` authentication performed by the web server) and form-based authentication, and provides basic primitives to get started with form-based login, while allowing complete customization. Convenience functions for checking authorization to perform certain actions are provided for use in request handlers and other code. |
4 | 4 | |
5 | | The main goals of this subsystem are: |
6 | | |
7 | | * Enable relatively easy switching between HTTP authentication (such as `Basic` or `Digest` authentication performed by the web server) and form-based authentication. |
8 | | * Provide basic primitives to get started with form-based login, while allowing complete customization. |
9 | | * Provide convenience functions for checking authorization to perform certain actions. |
10 | | * No reliance on a specific backend storage for user profiles and credentials. |
11 | | * No restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need. |
12 | | * Storage-independent generation and verification of authentication cookies for form-based login. |
13 | | * Utility functions for generating and verifying encrypted passwords. |
14 | | * WSGI middleware for using HTTP authentication, primarily in the context of the DevelopmentServer |
| 5 | There's no reliance on a specific backend storage for user profiles and credentials, so applications are responsible for dealing with that. There's also no restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need. |
15 | 6 | |
16 | 7 | The subsystem does not provide built-in processes and UI for user registration, activation, password resetting, and other high-level features. |
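Review bot: The rewritten overview (new lines 3 and 5) drops three items from the removed goals list (old lines 12 to 14): the storage-independent generation and verification of authentication cookies, the utility functions for generating and verifying encrypted passwords, and the WSGI middleware for HTTP authentication with the DevelopmentServer. If these are still part of the subsystem, keep them in the overview, for example as a short list after new line 5. They are the pieces a reader most needs in order to judge what the subsystem handles and what the application must handle itself. New line 5 now says applications are "responsible for dealing with" credential storage, so it would help to state next to it that cookie verification and password checking are still provided. Separately, the empty Comment field means the change has no recorded rationale. A one-line summary such as "fold goals list into prose" would make the history easier to audit.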