[Zope-dev] New package: zope.authentication AND the problem.

[Dan Korostelev]

Hey, community.

As a part of zope.app.security refactoring process, a new package has
been created - "zope.authentication". It basically contains
IAuthentication and other auth-related interfaces, as well as
PrincipalSource. So it's intended to define a basic concepts and
contracts of principal authentication for the zope framework to be
implemented by other packages.

There are three implementations that I know of currently: the "global
principal registry" from zope.app.security (it will be moved into new
package, called "zope.principalregistry"), the zope.app.authentication
and z3c.authenticator.

It's quite request type independent so it can be used with
non-zope.publisher requests, like WebOb or something, but here the
problem appears:

The zope.app.security defines the ILoginPassword
(getLogin,getPassword,needLogin) adapters for zope.publisher's HTTP
and FTP requests. I wonder where should they go, because the
"zope.authentication" package doesn't want to depend on
zope.publisher, as (like i said before) it is intended to be tiny and
independent on any request implemenation.

I'd move those adapters into zope.publisher itself, but this will
require adding the "zope.authentication" dependency for
zope.publisher, which I think is okay, because zope.authentication is
very small and will probably be used together with zope.publisher
anyway.

Another solution which I like much less is to move those adapters to
"zope.authentication" and define an extra dependency (sigh) on
zope.publisher, but then the package won't be so nice, clean and
generic as it could be. :-)

Opinions?

-- 
WBR, Dan Korostelev