[Phplib-users] phplib app integration

[Stephen W. <wo...@me...>]

I have been following the interesting discussion between Gian, Ben and
other, but I want to jump back from the details for a minute. I think
this builds on what you guys have been saying but I need to say it to
see if I understand in it. So here goes ...

An application is accessible by an authorized user.
An application provides access based on the authorization level of the
user.
Different application need to have different authorization levels for
its users.
A single user might have different authorization levels depending on the
application.
The information to define a user is different for different apps.

    I think this much is correct, did I miss anything?

This seems to imply that phplib needs a generic Auth module that is
application and user independent - its job would be to asertain if a
user is how they say they are via their password, then return there
unique user id.

Applications need to register themselves at installation with the Auth
module and define there authorization levels.

There needs to be a generic User module the defines and or updates a
user and assigns him a unique id. If the user already has an identity,
then he can login and only update those fields that are required for the
new application. 

There needs to be a way for an application create a new user or extend
an existing user to be authorized at some level for that application.

Applications need to register user specific data they might want to
store for a user with the user module if there is a common one used by
all apps.

Then you have a common user login that will allow him/her to move
between authorized applications.

This also seems to imply that the application does not nessisarily own
the User of the Auth tables and they might not been in the same database
as the application tables, especially if there are multiple databases.

This is grain for the mill, feel free to grind it up :)

-Steve