william at knowmad.com
Tue Mar 30 18:47:09 BST 2004
On Tue, Mar 30, 2004 at 05:06:12PM +0100, Jean-Michel Hiver wrote:
> So it seems to me that I am going to have to release, in fact, 3
> separate modules:
> MKDoc::Auth - Authentication layer
> MKDoc::AccessRules - Authorization layer
> MKDoc::Auth::BasicRules - Deploys basic access rules for MKDoc::Auth on
> a given site.
> Does this make sense?
The three layers make sense to me. However, I'd think that MKDoc::Authz
would be a more intuitive name for the Authorization layer.
FWIW, I do authentication/authorization using the following tools:
authentication - custom login; managed with sessions
access rules - hash of runmodes and permissions
authorization - via CGI::Application (check permissions cgiapp_prerun)
authentication - Apache .htaccess and/or Apache::AuthCookieDBI
access rules - user/group restrictions
authorization - carefully placed instance scripts which only allow
access to authorized subroutines
Knowmad Services Inc.
More information about the MKDoc-modules