[Zope-dev] Zope 4 roadmap

Laurence Rowe l at lrowe.co.uk
Tue Nov 22 15:36:09 UTC 2011


On 22 November 2011 10:13, Sylvain Viollon <sylvain at infrae.com> wrote:
>
> Op 17 nov 2011, om 20:57 heeft Tres Seaver het volgende geschreven:
>
>   Hello,
>
>>
>>
>> On 11/17/2011 02:05 PM, Laurence Rowe wrote:
>>> On 17 November 2011 15:23, Martin Aspeli <optilude+lists at gmail.com>
>>> wrote:
>>>> On 17 November 2011 14:46, Laurence Rowe <l at lrowe.co.uk> wrote:
>>
>> <snip>
>>
>>>>> - Move authentication out to WSGI middleware.
>>>>
>>>> +1 - anything we can do to make AccessControl simpler and more
>>>> debuggable would be a big win.
>>
>>
>> Note that there is a counter-trend here among the Pyramid crew:  many
>> developers *want* tight integration of authentication, particularly the
>> login forms.
>>
>
>   And there is a major issue with this is that for the moment your authentication depends from where you are in your Zope 2 application. Maybe in some part of the application the authentication will be done using LDAP, and not in some other: you can have a acl_users only for some part of the application, and users there are available locally and not globally. That is because the authentication is done after the traversing. If you want to do this in a WSGI middleware, you will have to do the traversing in a WSGI middleware before, otherwise lot of people won't be able to migrate theirs applications to Zope 4, because the paradigm changed.
>
>   I don't think this is a good idea because of that.

Do you have multiple acl_users folders in a single Silva site? Or is
it simply the same case as Plone where you might have multiple sites
within the one ZODB?

In the long run I expect that Plone will move to configuring multiple
sites in a single instance through the WSGI configuration (rather than
by creating sites through the ZMI.) In this scenario it would be
possible to have different authentication configurations for each site
in the WSGI config.

Laurence


More information about the Zope-Dev mailing list