[Twisted-web] Sessions and Authentication for Web2
glyph at divmod.com
glyph at divmod.com
Thu Nov 17 19:47:52 MST 2005
On Thu, 17 Nov 2005 11:09:42 -0800, David Reid <dreid at dreid.org> wrote:
>While it might be a valid assumption, there is no common public interface
>provided to facilitate it.
The interface is ICredentialsChecker, specifically, requestAvatarID.
>Perhaps because no one knows what that should
>look like, perhaps because no one felt it was necessary.
Return a Deferred from requestAvatarID...?
>But I do believe
>that something like twisted.protocols.sip.IAuthorizer, that allows for an
>arbitrary number of round trips should be in cred,
That's not what IAuthorizer does. That's what Deferreds do: you can call deferred-returning methods from within requestAvatarID. That allows for an arbitrary number of round trips.
I really don't see how IAuthorizer is relevant to this discussion at all, in fact.
>either the ICredentials
>interface should be extended (probably through a subclass) or a new
>interface should be created.
Clearly, but that doesn't mean that something should be in cred. From ICredentials' documentation:
"""
Implementors _must_ specify which sub-interfaces of ICredentials
to which it conforms, using zope.interface.implements().
"""
ICredentials is explicitly listed as a super-interface, it doesn't mean anything by itself, you have to create subinterfaces for every different kind of authorization.
>I'm toying with some ideas of how to best do
>this, but I don't really "get" cred
Clearly not :)
>so if you have any requirements other
>than arbitrary number of round trips, let me know so i can take those into
>account now rather than later.
Honestly, I have no idea what you're talking about. Have you read Abe's new book? He covers everything in terms of cred.
More information about the Twisted-web
mailing list