httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jus...@erenkrantz.com>
Subject Re: file tree diff of 2.0 vs 2.2
Date Thu, 10 Nov 2005 05:23:28 GMT
--On November 9, 2005 7:25:13 PM -0800 "Roy T. Fielding" <fielding@gbiv.com> 
wrote:

>    o  I thought I understood the auth/authn/authnz/authz split,
>       but looking at the files makes me confused again.  The docs
>       seem to be the config.m4 file.  Only a third of the auth
>       source files have any meaningful comments.

Here's how the split should be aligned:

mod_auth_*  -> Modules that implement an HTTP authentication mechanism
mod_authn_* -> Modules that provide a backend authentication provider
mod_authz_* -> Modules that implement authorization (or access)
mod_authnz_*-> Module that implements both authentication & authorization

Authentication == Is this user who they say they are?
Authorization  == Is this client allowed to perform the req'd method?

As mentioned earlier today, I view access as being equivalent to authorization.

I know both Paul and my 'What's new in 2.2' talks have explained this at least 
in passing.

Adding comments or better docs is always a good thing.  One thing is that 
these modules are *much* simpler than their 2.0 counterparts, so the need for 
extensive documentation isn't as pressing - provided you understand how they 
all fit together.  =)  -- justin

Mime
View raw message