[Zope3-dev] Local authentication

Jim Fulton jim at zope.com
Tue Feb 1 13:43:31 EST 2005 

Albertas Agejevas wrote:
> Hi,
> 
> Suppose we have an application that manages its own person objects.
> We want to give logins and passwords to those persons and want them to
> be able to authenticate to our system.
> 
> We want to use the default Zope security model, because we want to be
> able to integrate our app with all kinds of software that will be
> available for the Zope 3 platform: wikis, blogs and whatnot.
> 
> One additional constraint is that we want our system to be able to
> configure itself automatically, when the distribution package is
> installed or the content object is added in the ZMI.  In other words,
> going to ++etc++site and clicking things until all is configured is
> out of the question.

You aren't going to get away with completely automatic configuration.
You might prefer to configure everything through ZCML, if you could.

I'll note that, so far, you've been very general.

> Right now, I see two ways to implement our requirements:
> 
>   1. Define plugins for the Pluggagle Authentication Utility.
> 
>      This has the unpleasant disadvantages related to automatic
>      registration and configuration of a local utility and a PAU
>      instance.  It bit us hard when we tried to do things like that a
>      couple of years ago, and the things have not changed much.
>      Furthermore, as the Component Architecture is undergoing a major
>      revamp, the registration interface is going to change.

I don't think it's wise to try to install this automatically.
(This utility *does* need a better configuration UI.)

It would be nice if you could configure this with ZCML.  Generally,
the local site adminstrator is going to need to customize this.

OTOH, if, for some reason, you are building an application that doesn't
need configurable authentication, you could use, or build, an alternate
authentication utility. Heck, you could just use the global registry,
depending on your needs.


>   2. Roll our own authentication service (the interface is pretty
>      simple), and create a site stub on our to hold that service.
>      The challenge here is to make our stub site to interoperate
>      correctly with other local sites.

Right, if you don't need the configurability that the pluggable
authentication utility was designed to provide, it should be simple
to provide your own.

> Are we stepping into a minefield?  Are there better ways to gain what
> we need?

Well, I can't tell exactly what you need so I can't say.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope3-dev mailing list