[Twisted-Python] pb.AuthServ and cred.service incongruity

Kevin Turner acapnotic at twistedmatrix.com
Mon Oct 7 01:30:55 EDT 2002


So there is a reason this authorizer-per-service thing has felt funny,
maybe why I felt like there was a pb.MultiService-for-AuthRoot piece
missing.  A conversation I had with Brian ran into this problem:

The short version:
construct pb.AuthRoot with Authorizer

that authorizer is used by pb.AuthRoot/pb.AuthServ to request
Identities.  pb.AuthChallenger/pb.IdentityWrapper obtain a Perspective
for a Service from that identity.

Perspective.getIdentityRequest uses the authorizer of the service
associated with that perspective.  Nothing in the framework encourages
the service authorizer to be the same as the AuthRoot authorizer.  So it
looks like perspective.getIdentityRequest could very possibly return an
identity out of a different authorizer than the one you logged in with. 
And a Service's authorizer attribute may have nothing at all with how
you obtain a perspective to that service.

 ?

-- 
The moon is new, 0.3% illuminated, 0.5 days old.






More information about the Twisted-Python mailing list