[Twisted-Python] Must avatarId always be a string?
peter.westlake at pobox.com
Mon Jan 14 20:10:08 EST 2013
On Mon, Jan 14, 2013, at 22:58, Glyph wrote:
> On Jan 14, 2013, at 3:18 AM, Peter Westlake <peter.westlake at pobox.com>
> >> It seems like the "shared caching reference" would solve this problem
> >> as well?
> > Yes, I think that's the right answer. It's certainly the right design
> > in my case, and perhaps in the general case too.
> I think that this is the right design for now, given the constraints of
> the current cred API; however, it's certainly possible we could think up
> an extension to the cred API that would make this case easier to deal
> with. It also leaves open some not-quite-trivial questions like "how do
> you know when to expire the cache, which are usually easy to work out for
> a particular application but do not generalize easily.
That was the main reason I didn't actually implement a cache :-)
Plus I have a nice solution that works, and only costs one LDAP call.
> I hope you don't give up on thinking about a nicer and more general API
> just because the immediate problem is solved :). Glad I could offer
> useful advice, though.
The main question left in my mind is about the degree of dependency
between the checker and the realm if extra information is passed,
by whatever method. If the realm expects the checker to pass it
(for instance) an LDAP session, then it's pretty much committed
to one particular checker. That means abandoning pluggability -
which admittedly isn't very sensible in that case - and once you
do that, simply passing back a complex structure as an avatarId
seems as good a method as any. It's simple, and it works now.
Likewise Itamar's special-purpose portal suggestion.
More information about the Twisted-Python