From: Paul B. <pau...@em...> - 2004-05-28 10:59:49
|
Ian Bicking [mailto:ia...@co...] wrote: > > There's nothing canonical at this time -- UserKit isn't really > canonical. Inspired by various authentication products (and mechanisms in earlier systems I've worked with), whilst leaving out the big iron requirements and arcane configuration rituals, I recently wrote some simple components for WebStack which let you "guard" an application by redirecting unauthenticated users to a login screen URL; that login screen then does the appropriate authentication before redirecting you back to the application (with the necessary authentication token stored in a cookie). It isn't tested with Webware yet, but when I get round to that, I'm almost certain it will work. ;-) I suppose that, just as was discussed/described on the Wiki once upon a time, there are a few different sides to the story: having a convenient login mechanism, checking user details against some kind of database, being able to conveniently verify a user's authentication state, and access control (which is a whole big area in itself). I'm not familiar with UserKit at all, but it would be nice to resolve this area of uncertainty (with the exception of access control, probably) once and for all. Paul |