[Zope3-dev] Pluggable authentication utility unusable except by
experts
Jim Fulton
jim at zope.com
Mon Feb 21 09:58:59 EST 2005
The pluggable authentication utility is unusable, except by experts.
Using it requires deep understanding of it's architecture. Some of
the difficulty arises from the poor management UI it has. I think
that some of the difficulty arises from essential complexity. The
pluggable authentication utility was designed to support systems with
complex requirements for supporting multiple user and group sources
and for providing extreme flexibility for authentication protocols. I
think that lots of sites don't need this sophistication. Maybe there
should be a simpler authentication utility that isn't pluggable but
that is much easier to use. Alternatively, perhaps we can provide
some wizards that make the pluggable authentication utility easier to
use.
I suggest that, for X3.1, we need to make the pluggable authentication
utility much easier to use than it is now, or we need to not include
it. If we don't include it in X3.1, then we need to rehabilitate the
old pluggableauth thing we included in X3.1. In terms of making it
easier to use, I suggest:
1. A pluggableauth authentication utility should also be a site
management folder that only contains pluggable authentication
utility plug-ins. Plugins should only be addable to a pluggable
authentication utility. I think that this could simplify plugin
management quite a bit.
2. When creating a pluggable authentication utility, there should be
options to create and register common configurations. For
example, there could be an option to create and register one with
a principal folder and a group folder.
3. In general, the views should expose textual documentation that
explains to the user what's going on.
I think Roger threatened to help with this. Anybody else willing to
help?
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list