[Zope-PAS] First cut at PAS for Zope 3

Mark Hammond mhammond at skippinet.com.au
Mon Oct 4 22:29:46 EDT 2004


> See in particular:
>
>
> http://svn.zope.org/Zope3/trunk/src/zope/app/pas/interfaces.py?view=markup
>
> http://svn.zope.org/Zope3/trunk/src/zope/app/pas/README.txt?view=markup

That's very interesting.  I've some general queries:

"""
PAS prefixes
============

Principal ids are required to be unique system wide.
"""

Consider a plugin which uses an external user store - eg, LDAP, and a site
with multiple PAS folders where each folder contains a mythical LDAP plugin.
Each of these PAS plugins is configured to use the same underlying LDAP
store.

If the LDAP plugin knew a globally unique ID for the user (as provided by
the external LDAP store), would it be able to use that ID as a principal ID?
Can we re-use this ID for better integration with the underlying store?

Regarding usernames and IDs in general:

Is it possible to tighten up the semantics of the "username"?  The way I see
it, we have 3 distinct id/name attributes for a user:
* The principal_id - should be considered a 'handle' and never directly seen
by the user.
* The login_name - the name they type into a login box along with their
password.
* Their name, as it should be displayed (display name)

However, the semantics are not at all clear to me.  principal IDs must be
unique system wide.  Presumably 'login_names' need only be unique "PAS wide"
(ie, unique to a PAS instance).

Currently we have "getId()" and "getUserName()", but it's not at all clear if
"UserName" is intended to be the "login" name, or the user "display" name.

Can anyone tell me the intent of these?  Should they be formalized?

Thanks,

Mark


