[Zope-PAS] Challengers (and Zope 3)
Jim Fulton
jim at zope.com
Fri Oct 1 06:34:36 EDT 2004
Mark Hammond wrote:
> [Jim]
>
>>In Zope 3, this is done by the exception view by the
>>Unauthorized Exception.
>>If challengers need to be able to do this, then we will
>>probably need to
>>add better apis for response manipulation, which we probably
>>need anyway.
>>
>>In Zope 2, the challenger might do this in the "is None" case
>>as you suggest.
>
>
> OK - that all sounds fine to me.
>
> I see 2 remaining small issues:
>
> * The semantics for redirection based protocols isn't clear to me. The only
> reasonable solution I see would be for:
>
> def challenge(self, protocol):
>     if protocol is None:
>         # do the redirect
>         return self.protocol
>     else:
>         # do nothing.
>         pass
>
> ie, do *not* try and piggy-back the same protocol the way challenge/response
> based ones will. Is that what you had in mind?
Probably. ;)
I imagine that there will be only one challenger for redirect, so this is
probably moot.
> * We should define the protocol IDs somewhere, so that an (eg) NTLM based
> challenger is confident it has the same protocol as the (eg) HTTP one.
Probably.
My sense is that we still don't understand this well yet. I think
we need to try this out and see how it works. See how other protocols
work, etc.
We can't know all of the protocols, so it's hard to put them in a standard
place and it's probably too soon to worry about it. It only matters
for protocols for multiple challengers and the only one like that that
we know of is http. Perhaps, for now, we should say this is just 'http'.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
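
The semantics discussed in this message, as an added sketch that is not part of the original email and is not the Zope PAS API: challengers sharing the 'http' protocol ID piggy-back on one 401 response, while a redirect challenger acts only when the protocol is still None. The class names, the `Response` stub, the extra `response` argument, `run_challengers()` and the sample header and URL values are all assumptions made for illustration.

```python
# Hypothetical sketch of the challenge semantics discussed in this thread.
# Class names, the Response stub and run_challengers() are assumptions,
# not the Zope PAS API.

class Response:
    def __init__(self):
        self.status = 200
        self.headers = []          # list of (name, value) pairs

class HTTPChallenger:
    """Challenge/response style: may piggy-back on an existing 'http' challenge."""
    protocol = "http"

    def __init__(self, scheme_header):
        self.scheme_header = scheme_header

    def challenge(self, response, protocol):
        if protocol is not None and protocol != self.protocol:
            return None            # another protocol already owns the response
        response.status = 401
        response.headers.append(("WWW-Authenticate", self.scheme_header))
        return self.protocol

class RedirectChallenger:
    """Redirect style: acts only when nobody has challenged yet."""
    protocol = "redirect"

    def __init__(self, login_url):
        self.login_url = login_url

    def challenge(self, response, protocol):
        if protocol is None:
            response.status = 302
            response.headers.append(("Location", self.login_url))
            return self.protocol
        return None                # do nothing, never piggy-back

def run_challengers(challengers):
    """Offer the response to each challenger in order; the first to act fixes the protocol."""
    response, protocol = Response(), None
    for challenger in challengers:
        result = challenger.challenge(response, protocol)
        if protocol is None and result is not None:
            protocol = result
    return protocol, response
```

Because the redirect challenger stays silent once a protocol is set, a response never carries both a `Location` header and `WWW-Authenticate` headers, and a 401 is never overwritten by a 302.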