[Zope3-dev] Pluggableauth / IPrincipalSource interface proposal
Phillip J. Eby
pje at telecommunity.com
Sat Jul 10 20:21:33 EDT 2004
At 06:34 PM 7/10/04 +0200, Roger ineichen wrote:
>Hi toghether,
>
>I think there are some methods in the interface
>IPrincipalSource missing.
Yes. They were left out on purpose. A principal *source* is just a
source. It is not a principal management service.
>If so should we add a IWritePrincipalSource interface as
>another base interface?
If you need a management interface for Principals, perhaps there should be
an IPrincipalManager. However, such an interface doesn't necessarily have
anything to do with being an IPrincipalSource.
Note that there are many reasons why one might have a principal source that
cannot be written to. For example, a principal source might access a
corporate LDAP server or ActiveDirectory in order to validate access, but
the application may not have any rights to update it.
This is why IPrincipalSource doesn't deal in management of principals: the
framework should not be written so as to assume that a Zope-based
application is allowed to manage its own principals, or even to *list* all
of them.
More information about the Zope3-dev
mailing list