[Zope-PAS] Checked in the Challenge implementation.

Zachery Bir zbir at urbanape.com
Sat Sep 25 09:27:50 EDT 2004

On Sep 24, 2004, at 9:26 PM, Mark Hammond wrote:

> First email:
>>> Surely PAS is so
>>> people can plug other authentication services.
>> Not only. PAS is also there to hande the challenge mechanism, and the
>> reasonably, it should handle the challenge mechanism. And one
>> of the use cases that needs to be supported is redirecting.
> As I said in my most recent mail, I believe we are abusing the concept 
> of
> 'challenge' in trying to redirect to a login page.  'challenge' is well
> suited to initiating a traditional challenge/response negotiation.

I don't think so. A challenge is merely a way of collecting credentials 
for authentication. "Papers, please." (direct challenge, like an HTTP 
Basic Auth) is as valid as, "Go over there and sign in, get a stamp on 
your hand, and come back." (issue a redirect, collect form variables, 
and attempt to reauthenticate).


More information about the Zope-PAS mailing list