[Zope-PAS] Challengers (and Zope 3)

[Jim Fulton]

I'm working on PAS for Zope 3.  I hope to be able to post a proposal
by way of a README.txt and interfaces file soon.

I've just tried to catch up on the long threads on challenges and
thought it would be a good idea to put my 2 cents in.

I think Mark raises some important points.  It often is
appropriate to issue multiple challenges.  This is especially
appropriate for HTTP-based challenges.

Let me see if I can state this correctly and clearly. For
lack of a better term, I'll say that there can be multiple
protocols for making challenges.  Examples of protocols include
HTTP Authentication and Cookie-based authentication.  There
are undoubtably other protocols, although I don't know of
any off hand. ;)  Generally, protocols are not compatible with
each other. (This is hard to say for sure, but for the protocols
we have, this is the case. :).  Therefore, we don't want to issue
challenges for multiple protocols.

Before I go any further, does this sound right?  Is the statement above
sensible and correct?

Can people think of any other *real* protocols?

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org