[Zope-PAS] Challengers (and Zope 3)

Jim Fulton jim at zope.com
Fri Oct 1 06:34:36 EDT 2004

Mark Hammond wrote:
> [Jim]
>>In Zope 3, this is done by the exception view by the
>>Unauthorized Exception.
>>If challengers need to be able to do this, then we will
>>probably need to
>>add better apis for response manipulation, which we probably
>>need anyway.
>>In Zope 2, the challenger might do this in the "is None" case
>>as you suggest.
> OK - that all sounds fine to me.
> I see 2 remaining small issues:
> * The semantics for redirection based protocols isn't clear to me.  The only
> reasonable solution I see would be for:
> def challenge(self, protocol):
>   if protocol is None:
>     # do the redirect
>     return self.protocol
>   else:
>     pass  # do nothing.
> ie, do *not* try and piggy-back the same protocol the way challenge/response
> based ones will.  Is that what you had in mind?

Probably. ;)

I imagine that there will be only one challenger for redirect, so this is
probably moot.

> * We should define the protocol IDs somewhere, so that an (eg) NTLM based
> challenger is confident it has the same protocol as the (eg) HTTP one.


My sense is that we still don't understand this well yet.  I think
we need to try this out and see how it works.  See how other protocols
work, etc.

We can't know all of the protocols, so it's hard to put them in a standard
place and it's probably too soon to worry about it.    It only matters
for protocols for multiple challengers and the only one like that that
we know of is http.  Perhaps, for now, we should say this is just 'http'.


Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
