jhiver at mkdoc.com
Wed Mar 31 11:39:36 BST 2004
>The three layers make sense to me. However, I'd think that MKDoc::Authz
>would be a more intuitive name for the Authorization layer.
>FWIW, I do authentication/authorization using the following tools:
> authentication - custom login; managed with sessions
> access rules - hash of runmodes and permissions
> authorization - via CGI::Application (check permissions cgiapp_prerun)
I am not yet completely clear what I am going to do about authorization.
Currently in MKDoc we've got some simple, hierarchical 'read/write' type
permission, however this is not generic at all.
However as I'm modularizing MKDoc, I'm moving further towards a
completely RESTful type of architecture in which every bit of
functionality has its own URI. So I'm planning on making the
authorization layer work with URIs.
It has the advantage to be completely application independant. As long
as your apps use well-constructed URIs for each separate bit of
functionality, there should be no trouble applying quite fine-grained
I intend to get the authorization layer to work with access control. I
have written a module, MKDoc::Control_List, which may serve as a
low-level module for a potentially more sophisticated permissions /
More information about the MKDoc-modules