[cmsms-dev] 2.0 Authentication
Ted Kulp
tedkulp at gmail.com
Thu Jun 12 14:57:18 CDT 2008
Oh yeah, we have a mailing list. We should use this more. :)

Ok, so Sil brought up a very good thought about the authentication we
need to add to 2.0. This was something that I was going to just shrug
off and not worry about it and let some event handle it, but I'm
thinking that's a bad idea now.

I think there's a way we could do authentication with some weird design
pattern (facade, I think) so that it'll allow us to plug multiple
authentication schemes in and not change any code.

The basic idea would be something like (these are classes, don't think
databases)...

CmsUser
-------
id
username
first_name
last_name
token (this would be an md5 password, openid address, ldap name, etc)
auth_scheme (either md5, ldap, openid)

CmsLogin
--------
checkLogin(CmsUser) -- this would handle cookies, sessions, etc

CmsAuthenticationScheme -- this would be a facade class
-----------------------
checkLogin(CmsUser) -- checks the token and auth_scheme and figures out
which class to use

CmsMd5Authentication
--------------------
checkLogin(CmsUser)

CmsOpenIdAuthentication
-----------------------
checkLogin(CmsUser)

etc...

And we allow those authentication classes to be extended via modules.
Maybe have an easy way to manipulate the list of auth_schemes that
CmsAuthenticationScheme can see.

Does this make sense? Do we want a CmsUser for every LDAP user, etc?
Or should it be more transparent somehow?

There are also situations where the authentication scheme will create a
new user... for instance... when you log in to make a comment the first
time with OpenID.

I think I might go down this road next (before I get too crazy with more
permissions stuff), but I wanted to get people's ideas first.

Thanks,
Ted
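
A sketch of the facade dispatch proposed in the message above, added here as an illustration and not code from the post or from CMS Made Simple. The class names follow the message; the `CmsAuthentication` interface, the `register()` method and the `$credential` parameter are assumptions, and it needs PHP 8.1 or later.

```php
<?php
// Added illustration. Class names follow the message; the interface,
// register() and $credential are hypothetical. Sample users are constructed.
final class CmsUser
{
    public function __construct(
        public readonly int $id,
        public readonly string $username,
        public readonly string $token,       // md5 hash, OpenID address, LDAP name
        public readonly string $auth_scheme  // 'md5', 'ldap', 'openid'
    ) {}
}

interface CmsAuthentication
{
    public function checkLogin(CmsUser $user, string $credential): bool;
}

final class CmsMd5Authentication implements CmsAuthentication
{
    public function checkLogin(CmsUser $user, string $credential): bool
    {
        // hash_equals() compares in constant time.
        return hash_equals($user->token, md5($credential));
    }
}

final class CmsAuthenticationScheme // the facade
{
    private array $schemes = [];
    public function register(string $name, CmsAuthentication $scheme): void
    {
        $this->schemes[$name] = $scheme; // modules add schemes here
    }

    public function checkLogin(CmsUser $user, string $credential): bool
    {
        // Scheme is read from the stored user record, not from the request;
        // a scheme nobody registered fails closed.
        $scheme = $this->schemes[$user->auth_scheme] ?? null;
        return $scheme !== null && $scheme->checkLogin($user, $credential);
    }
}
$auth = new CmsAuthenticationScheme();
$auth->register('md5', new CmsMd5Authentication());
$alice = new CmsUser(1, 'alice', md5('correct horse'), 'md5');
$bob = new CmsUser(2, 'bob', 'https://bob.example/', 'openid');
var_dump($auth->checkLogin($alice, 'correct horse'), $auth->checkLogin($alice, 'wrong'));
var_dump($auth->checkLogin($bob, 'x'));
```

The last call fails because no `openid` scheme has been registered, which is the fail-closed behaviour the scheme list should keep as modules add entries.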