jhiver at mkdoc.com
Tue Mar 30 17:06:12 BST 2004
As I'm advancing in MKDoc::Auth, the generic authentication module, I
just wanted to share a few thoughts about authentication and authorization.
Basically, in order to make MKDoc pluggable in any kind of
authentication scheme, I really, really, _really_ need to clearly
separate the authorization logic from the authentication logic.
At the moment I am doing the authentication module. It contains the
following basic functionality:
* confirm user account
* edit user account information
* delete user account
Problem: there is no authorization layer yet, so anybody can edit
anybody's account details!
So it seems to me that I am going to have to release, in fact, 3
* MKDoc::Auth - Authentication layer
* MKDoc::AccessRules - Authorization layer
* MKDoc::Auth::BasicRules - Deploys basic access rules for MKDoc::Auth on a given site.
Does this make sense?
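
The separation described in this post, as an added Perl sketch that is not part of the original message and is not MKDoc code. The package names (Sketch::Auth, Sketch::AccessRules, Sketch::BasicRules), session tokens and user names are hypothetical and constructed: authentication only resolves a token to a user, while a separate default-deny rules layer decides whether that user may edit or delete a given account.

```perl
#!/usr/bin/perl
# Added sketch: hypothetical packages, not MKDoc's API. All sample data is constructed.
use strict;
use warnings;

package Sketch::Auth;          # authentication: establishes WHO is calling
my %SESSIONS = (tok_alice => 'alice', tok_bob => 'bob', tok_root => 'root');
sub user_for_token { my ($class, $token) = @_; return $SESSIONS{$token // ''}; }

package Sketch::AccessRules;   # authorization: decides WHAT a user may do
my @RULES;                     # each rule returns 'allow', 'deny' or undef (no opinion)
sub add_rule { my ($class, $rule) = @_; push @RULES, $rule; return; }
sub is_allowed {
    my ($class, $user, $action, $target) = @_;
    return 0 unless defined $user;           # unauthenticated callers are always denied
    for my $rule (@RULES) {
        my $verdict = $rule->($user, $action, $target);
        return $verdict eq 'allow' ? 1 : 0 if defined $verdict;
    }
    return 0;                                # default deny when no rule matches
}

package Sketch::BasicRules;    # site policy, deployed separately from both layers
my %ADMINS = (root => 1);
sub deploy {
    # Administrators may act on any account.
    Sketch::AccessRules->add_rule(sub { $ADMINS{$_[0]} ? 'allow' : undef });
    # Everyone else may edit or delete only their own account.
    Sketch::AccessRules->add_rule(sub {
        my ($user, $action, $target) = @_;
        return 'allow' if $action =~ /\A(?:edit|delete)\z/ && $user eq $target;
        return undef;
    });
    return;
}

package main;
Sketch::BasicRules->deploy;
for my $case (['tok_alice', 'edit',   'alice'], ['tok_alice', 'edit', 'bob'],
              ['tok_root',  'delete', 'bob'],   ['bogus',     'edit', 'alice']) {
    my ($token, $action, $target) = @$case;
    my $user = Sketch::Auth->user_for_token($token);
    my $ok   = Sketch::AccessRules->is_allowed($user, $action, $target);
    printf "%-6s %-6s %-5s -> %s\n",
        $user // '(none)', $action, $target, $ok ? 'allow' : 'deny';
}
```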