[Twisted-web] Sessions and Authentication for Web2
David Reid
dreid at dreid.org
Thu Nov 17 12:09:42 MST 2005
On Nov 17, 2005, at 3:47 AM, glyph at divmod.com wrote:
> On Wed, 16 Nov 2005 13:48:12 -0500, "Clark C. Evans"
> <cce at clarkevans.com> wrote:
>
>> c) Exarkun expressed a strong (ok, mandatory) preference for the
>> use of tw.cred in any Authentication solution. However, it was
>> noted that tw.cred does not allow for challenge-response
>> authentication mechanisms (which all of mine are). Specific
>> examples were noted: twisted.protocols.sip, SASL, OTP
>
> Hmm. How did you get this idea? Cred's design was specifically to
> facilitate challenge-response authentication. That's why login()
> takes credentials and returns a Deferred. The assumption is that
> the credentials object will encapsulate whatever facets of the
> user's connection are required to do the negotiation process.
While it might be a valid assumption, there is no common public
interface provided to facilitate it. Perhaps because no one knows
what that should look like, perhaps because no one felt it was
necessary. But I do believe that something like
twisted.protocols.sip.IAuthorizer, that allows for an arbitrary
number of round trips should be in cred, either the ICredentials
interface should be extended (probably through a subclass) or a new
interface should be created. I'm toying with some ideas of how to
best do this, but I don't really "get" cred so if you have any
requirements other than arbitrary number of round trips, let me know
so i can take those into account now rather than later.
-David
More information about the Twisted-web
mailing list