[Phplib-users] three tier auth made possible
From: Giancarlo <gia...@na...> - 2002-10-31 23:16:40
Now I go with my examples (and needs). Suppose I want Site A to release authentication based on being registered to Site B. All users registered at Site B are automatically authenticated for Site A too. The auth resides on Site B. Site B has an XMLRPC or SOAP or .NET xml interface that accepts authentication info in the form of XML data, it has a service that, upon receiving XML credentials, replies with some XML data containing a kind of session token. Or, as an alternative, the XML credentials containing the login info are always passed back and forth with each request. It can also receive some XML data to accomplish a registration.

How could I accomplish this using the existing phplib auth feature? I think by decoupling the testing of the user-provided input from the action itself. Site A gets the input via a form. Then Site A calls the authentication service on Site B and passes to it the values and a precise request: authenticate this guy, or register this guy. Site B replies with some token that Site A will keep in the session, and always will pass this over to Site B when requesting his features for the guy. So Site A propagates the session, but Site B does the authentication. Site B knows nothing of the input fields that are used in Site A pages. It only performs certain action upon receiving certain fields accompanied with a certain request. Still the same authentication service of Site B should be used for visitors of his own site.

Other examples, always in the same modulation:

- All users that register at Site A will get automatically registered also at Site B.
- Users registered at Site A will then pull down some personalized content from their user profile at Site B.

How do you accomplish that if not by decoupling the registration process from the actual interaction with the client, including keeping the state propagation?
So you see that you can only accomplish this by keeping the authentication functions callable separately (not a cascade), unrelated to the input provided (abstract), not even related with any interaction with the client (no splash forms) etc. Auth becomes a service. Page.inc at this point (because it happens *before* calling the auth methods) can be a local interface that interacts with the local client, or a wire interface that handles those XML/SOAP/.NET remote calls.
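The arrangement described in this message, as an added sketch that is not part of the original post and is not phplib code: Site B exposes register/authenticate as an XML-RPC service, and Site A maps its own form fields onto a call and keeps only the returned token in its session. It is written in Python so it runs offline; the names `SiteBAuth`, `make_wire`, `site_a_call`, `site_a_login`, `whoami` and the `siteb_token` session key are assumptions, and an in-process dispatcher stands in for the HTTP transport.

```python
import hashlib, hmac, secrets
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

class SiteBAuth:
    """Site B: owns the user store and knows nothing about Site A's form fields."""
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._tokens = {}   # opaque session token -> username

    def _hash(self, salt, password):  # leading underscore: not callable over the wire
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        if username in self._users:
            return False
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(salt, password))
        return True

    def authenticate(self, username, password):
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash(salt, password)):
            return ""                       # empty string means "refused"
        token = secrets.token_urlsafe(32)   # unguessable, carries no credentials
        self._tokens[token] = username
        return token

    def whoami(self, token):
        return self._tokens.get(token, "")

def make_wire(service):
    """Stand-in for HTTP: XML request bytes in, XML response bytes out."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(service)
    return dispatcher._marshaled_dispatch

def site_a_call(wire, method, *params):
    """Site A: marshal the request, send it, unmarshal Site B's reply."""
    request = xmlrpc.client.dumps(params, methodname=method).encode()
    (result,), _ = xmlrpc.client.loads(wire(request))
    return result

def site_a_login(wire, session, form):
    """Site A reads its own form fields and stores only the token, never the password."""
    token = site_a_call(wire, "authenticate", form["user"], form["pass"])
    if token:
        session["siteb_token"] = token
    return bool(token)
```

Over a real network the same calls would go through TLS, since the credentials and the token cross the wire in the XML body.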