[Zope3-dev] Pluggability of security policies
Lennart Regebro
regebro at nuxeo.com
Thu Nov 27 08:20:18 EST 2003
Anthony Baxter wrote:
> One thing to consider in any work you're planning on the security machinery
> is how you'd plug HTTP Digest Auth into the system. I can type up a brief
> description of how it works if this would be helpful.
>
> (I looked into plugging it into the current code, but it's non-trivial, and
> not clear to me that it's possible with the current interfaces)
The things I did with PluggableUserfolder is to have different plugins
for identification, authentication (doon to be split into authentication
and "directoryfiction"). The identification plugin "finds" the the
authentification info and extracts the username and password (if any)
from this. I currently have identification plugins for BasicAuth,
cookies and Apache SSL.
Something like that would be nice in Zope 3. I will dig more into this
when I have more time, and when I'm able to get Zope 3 working on
Windows. :) (Anybody succeded with MSVC, or do I need Cygwin?)
More information about the Zope3-dev
mailing list