tags:

views:

77

answers:

1
Q: 

Handling Authorization in web frameworks

I want to write a simple web framework myself using WSGI, Python. I am in study to understand the authorization system.

The system needs to be more modular and abstract enough to add new system into the project as a plug-in. User may use DB or distributed key/value pair, bigtable, etc to store their information.

Lets say, these sort of stuffs are containers or providers which can be written as plug-ins into the system.

I want to define very higher level IDENTITY to the user who logged in. "Identity" is the right word, used by the many frameworks. But it is really tough to define "Identity" as an object due to its complex nature. It may contain anything, that is specific to application. But, when we writing the application, the application shall take care, what is in the identity. But as a framework, it doesn't care about what is identity.

Authentication shall be separated from authorization.

Users, Group, Role/Permissions can be designed as a plug-ins. The idea behind this concept is, write a good framework (atleast for me for research) with enough space for plug-ins and allow the application developers write the portable code which suites the application.

Is it possible to work with 'identity' object at entire framework?

A: 

"Is it possible to work with 'identity' object at entire framework?"

"But it is really tough to define "Identity" as an object due to its complex nature. "

Until you define identity, yes, it's difficult to work with.

Identity has to be positively specified. Leaving it so vague that "It may contain anything, that is specific to application" means you can't ever get started writing anything useful because you're too worried that "someday someone might invent a concept of identity that you can't handle".

Stop worrying. Identity is well defined and is not complex. HTTP and other protocols define "authorization" (really authentication) with usernames, passwords and realms. And that's all you really need.

Do what Django does: allow someone to add a "Profile" with additional facts about the person. The Profile is not central to identify and authentication. It's not central to authorization. But anyone can add "Profile" stuff for their specific application.

Do not write one model that does everything.

Write one model that works and someone can add to.

S.Lott  2009-04-25 20:27:44

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python