[Twisted-Python] Generally useful RFC2617

David Reid dreid at dreid.org
Tue Nov 1 12:57:53 EST 2005


Currently in Twisted/sandbox/dreid/rfc2617.py (with unittests at
test_rfc2617.py) there is an implementation of RFC 2617 HTTP
Authentication: Basic and Digest based authentication.  It is based on
the implementations found in twisted.protocols.sip, mantissa.sip, and
sine.sip.  The goal was to pull the sip specific stuff from these
implementations and make something that would be useful for other
protocols such as HTTP and IMAP.  A couple of points are unclear
however.

1) Where to put it?

In theory it should be in twisted core.  I just don't know where, and
didn't want to check it in there somewhere only to have developers with
more pull than I have to disagree, itamar suggested t.py.digest, dash
seemed to agree, other suggestions were t.cred.digest, but I just don't
know.

2) IAuthorizer.

rfc2617.IAuthorizer, and *.sip.IAuthorizer before it, strike me as a
really poorly named interface.  It's purpose is to create challenges,
and decode the response into something that can be used to return an
ICredentials.  This seems like a more generally useful concept than just
to HTTP Auth, but there isn't currently anything like it cred.  (Note
I'm aware of cred.authorizer but they are not even similar interfaces,
which is part of the reason IAuthorizer is so poorly named.)

Anyway, I'm just hoping someone will tell me where to put it other than
"where the sun don't shine" because I think that's covered under *.sip

-David





More information about the Twisted-Python mailing list