httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From di...@covalent.net
Subject Re: Auth - how much legacy to preserve ?
Date Wed, 10 Jul 2002 21:27:50 GMT

On Wed, 10 Jul 2002, Pier Fumagalli wrote:

> Dirk, since you're working on a patch for Auth, would it be possible to have
> the groups list somewhere in the request structure? It would be great with
> web applications, where we can match groups with roles (therefore allowing
> authentication to be processed by apache entirely)...

Well - r->user, or any r->credentials are valid there; as they come from
the protocol; i.e. are part of the request.

The group information can, depending on protocol, come from more than one
source

	-> provided with the credentials (e.g. like the 'account'
	   dimension in ftp or your kerberos realm).

	-> a user can belong to N groups as returned by an
   	   all knowing auth system when asked.

	-> a check if the user was in a list of M groups can have
	   yieled that he was a member of P groups which is a
	   subset of M.

Once you add group; there are other dimensions too; i.e. think of the
login.conf resources on BSD, a much more mature framework like that on
mainframes, and so on.

 So this is perhaps a bit more complex than just that.

What is it you would feel as most useful in the web application world -
could you elaborate ?

Dw.


Mime
View raw message