[Zope-PAS] Checked in the Challenge implementation.
zbir at urbanape.com
Sat Sep 25 09:27:50 EDT 2004
On Sep 24, 2004, at 9:26 PM, Mark Hammond wrote:
> First email:
>>> Surely PAS is so
>>> people can plug other authentication services.
>> Not only. PAS is also there to handle the challenge mechanism, and the
>> reasonably, it should handle the challenge mechanism. And one
>> of the use cases that needs to be supported is redirecting.
> As I said in my most recent mail, I believe we are abusing the concept
> 'challenge' in trying to redirect to a login page. 'challenge' is well
> suited to initiating a traditional challenge/response negotiation.
I don't think so. A challenge is merely a way of collecting credentials
for authentication. "Papers, please." (direct challenge, like an HTTP
Basic Auth) is as valid as, "Go over there and sign in, get a stamp on
your hand, and come back." (issue a redirect, collect form variables,
and attempt to reauthenticate).