[Zope-PAS] Challengers (and Zope 3)

Mark Hammond mhammond at skippinet.com.au
Thu Sep 30 19:17:41 EDT 2004

> In Zope 3, this is done by the exception view by the Unauthorized Exception.
> If challengers need to be able to do this, then we will probably need to
> add better APIs for response manipulation, which we probably need anyway.
> In Zope 2, the challenger might do this in the "is None" case as you suggest.

OK - that all sounds fine to me.

I see 2 remaining small issues:

* The semantics for redirection-based protocols aren't clear to me.  The only
reasonable solution I see would be for:

def challenge(self, protocol):
    if protocol is None:
        # do the redirect
        return self.protocol
    # a protocol is already set: do nothing.

i.e., do *not* try and piggy-back the same protocol the way challenge/response-based
ones will.  Is that what you had in mind?

* We should define the protocol IDs somewhere, so that an (e.g.) NTLM-based
challenger is confident it has the same protocol as the (e.g.) HTTP one.
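
Added example (not part of the original message, and not PluggableAuthService code): a sketch of the two points above, with header-based challengers piggy-backing on a shared protocol ID while a redirect challenger acts only when no protocol has been chosen. The constants, class names, the extra response argument and run_challengers are all assumptions made for illustration.

```python
# Added sketch; every name here is an assumption, not the PAS API.
PROTOCOL_HTTP = "http"          # shared ID for WWW-Authenticate based schemes
PROTOCOL_REDIRECT = "redirect"  # ID for login-form redirects


class Response:
    def __init__(self):
        self.status = 200
        self.headers = []  # list of (name, value) pairs


class HeaderChallenger:
    """Challenge/response scheme: may piggy-back on a matching protocol."""
    protocol = PROTOCOL_HTTP

    def __init__(self, scheme):
        self.scheme = scheme

    def challenge(self, protocol, response):
        if protocol not in (None, self.protocol):
            return None  # a different protocol already owns the response
        response.status = 401
        response.headers.append(("WWW-Authenticate", self.scheme))
        return self.protocol


class RedirectChallenger:
    """Redirect scheme: acts only when no protocol has been chosen yet."""
    protocol = PROTOCOL_REDIRECT

    def __init__(self, login_url):
        self.login_url = login_url

    def challenge(self, protocol, response):
        if protocol is None:
            response.status = 302
            response.headers.append(("Location", self.login_url))
            return self.protocol
        return None  # never piggy-back, even on another redirect


def run_challengers(challengers):
    """Offer the response to each challenger in order; the first to act sets the protocol."""
    response, protocol = Response(), None
    for challenger in challengers:
        protocol = challenger.challenge(protocol, response) or protocol
    return protocol, response
```

Because both header challengers compare against the same PROTOCOL_HTTP constant, an NTLM challenger and a Basic challenger can safely add to one 401 response, and a redirect challenger later in the list never turns that response into a 302.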
