[Zope-PAS] Re: Authenticated vs Member - was: Authentication and Users

Tres Seaver tseaver at palladion.com
Mon Nov 28 08:54:19 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Hallam wrote:
> I've often wondered about this: Authenticated vs Member.  Member is
> often treated and being equivalent to authenticated: if you can
> authenticate then you are a member.

"Member" is a CMF-level concept, which goes *way* back to its PTK roots.
 In the CMF, authenticated members may get "extra" services provided to
them (e.g., a "home folder"), and may have site-local preferences (e.g,
which skin they use, how many search results to show per batch, etc.) or
properties (contact information, photo, etc).

The membership framework is designed to keep the CMF agnostic of the
underlying user folder implementation.  Note that Plone is *not*
user-folder agnostic;  it needs specific, extra features not provided by
a "stock" user folder;  the users returned are thus more easily confused
with the site's "members".

> There are some use cases that I can think of when you may want to use
> member as something more than just authenticated (eg - they've paid
> their membership) but may not want to stop authentication for non
> members (eg the membership renewal requires authentication).

Some sites don't even require "real" authentication of their members.

> We've got a similar situation for students: we really don't need member
> rights for students but we do need them to authenticate.  We can
> distinguish between students and staff by looking at group membership in
> the LDAP database.  We'd like to be able to assign membership role based
> on group membership
> 
> I don't think that you should automatically assign the member role upon
> authentication.  You may want this to be the default behavior but you
> should be able to override it.

Group -> role bindings *are* likely to be the domain of the user folder,
whether LDAP-based or not.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDiwwL+gerLs4ltQ4RAnrHAKDNjhTPHXjCdhz1+YtbFvAqdmwrzACgtHWE
IzG1dMgE3t+Ro9XSVUGLbiA=
=fXU/
-----END PGP SIGNATURE-----



More information about the Zope-PAS mailing list