[Zope3-dev] Pluggable authentication utility unusable except by experts

Jim Fulton jim at zope.com
Mon Feb 21 09:58:59 EST 2005 

The pluggable authentication utility is unusable, except by experts.
Using it requires deep understanding of it's architecture.  Some of
the difficulty arises from the poor management UI it has.  I think
that some of the difficulty arises from essential complexity.  The
pluggable authentication utility was designed to support systems with
complex requirements for supporting multiple user and group sources
and for providing extreme flexibility for authentication protocols.  I
think that lots of sites don't need this sophistication. Maybe there
should be a simpler authentication utility that isn't pluggable but
that is much easier to use.  Alternatively, perhaps we can provide
some wizards that make the pluggable authentication utility easier to
use.

I suggest that, for X3.1, we need to make the pluggable authentication
utility much easier to use than it is now, or we need to not include
it.  If we don't include it in X3.1, then we need to rehabilitate the
old pluggableauth thing we included in X3.1.  In terms of making it
easier to use, I suggest:

1. A pluggableauth authentication utility should also be a site
    management folder that only contains pluggable authentication
    utility plug-ins.  Plugins should only be addable to a pluggable
    authentication utility.  I think that this could simplify plugin
    management quite a bit.

2. When creating a pluggable authentication utility, there should be
    options to create and register common configurations.  For
    example, there could be an option to create and register one with
    a principal folder and a group folder.

3. In general, the views should expose textual documentation that
    explains to the user what's going on.

I think Roger threatened to help with this. Anybody else willing to
help?

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope3-dev mailing list