[Zope3-dev] Local authentication

[Albertas Agejevas]

Hi,

Suppose we have an application that manages its own person objects.
We want to give logins and passwords to those persons and want them to
be able to authenticate to our system.

We want to use the default Zope security model, because we want to be
able to integrate our app with all kinds of software that will be
available for the Zope 3 platform: wikis, blogs and whatnot.

One additional constraint is that we want our system to be able to
configure itself automatically, when the distribution package is
installed or the content object is added in the ZMI.  In other words,
going to ++etc++site and clicking things until all is configured is
out of the question.

Right now, I see two ways to implement our requirements:

  1. Define plugins for the Pluggagle Authentication Utility.

     This has the unpleasant disadvantages related to automatic
     registration and configuration of a local utility and a PAU
     instance.  It bit us hard when we tried to do things like that a
     couple of years ago, and the things have not changed much.
     Furthermore, as the Component Architecture is undergoing a major
     revamp, the registration interface is going to change.

  2. Roll our own authentication service (the interface is pretty
     simple), and create a site stub on our to hold that service.
     The challenge here is to make our stub site to interoperate
     correctly with other local sites.

Are we stepping into a minefield?  Are there better ways to gain what
we need?

Thanks,
Albertas