[Twisted-web] [Nevow] new chapter about authentication

L. Daniel Burr ldanielburr at mac.com
Fri Aug 4 10:17:38 CDT 2006 

On Fri, 04 Aug 2006 02:16:56 -0500, <glyph at divmod.com> wrote:

> On Thu, 03 Aug 2006 19:58:58 -0500, "L. Daniel Burr"  
> <ldanielburr at mac.com> wrote:
>> On Thu, 03 Aug 2006 17:54:54 -0500, Valentino Volonghi aka Dialtone  
>> <dialtone at divmod.com> wrote:
>> I think this whole discussion is based on a misunderstanding.
>
> I agree.
>

Yay! ;)

>> To me, the bottom line is this: If all you are ever going to do is build
>> web applications, then you will *never* see any real point in jumping
>> through all of cred's hoops (portal, avatar, mind, WTF?
>
> Guard _should_ support single-sign-on systems like OpenID or Active  
> Directory, to minimize the number of passwords that users have to  
> remember when interacting with Twisted sites.
>

I'm sure everyone agrees that SSO support would be highly desirable.

> If it did, it would be a lot easier to sell some of the learning  
> required to use it well.  But I think that we could do a lot to make the  
> learning seem easier: once over the initial hump, guard is not hard to  
> use and the conceptual design is very simple.
>

Absolutely.  The real point I was trying to make is that your "typical"
web developer (yes, I know people hate when I generalize like this) just
wants some mechanism that he/she doesn't have to think about.  Granted,
some people are very uncomfortable using technology that they haven't
read line-for-line, but I'm not one of those.  I actually *like* for
things like authentication/authorization to be black boxes.  Not in
terms of the code, mind you, but in terms of use.  Don't make people
get cred/guard zen in order to feel comfortable using them.

[snip]
> I think that interacting with it through a slightly higher-level
> system like Mantissa is pretty easy, so some focus on a bit of
> boilerplate to hide some of the more advanced details would be good.

Yes, this is the black box to which I was referring.  As someone who
uses Mantissa, one of the things that appealed to me was that I did
not have to do anything but create some user accounts, and I didn't
have to even think about guard.  It all just works, and that's the
kind of ease-of-use that is needed.

Of course, my answer is to just use Mantissa, but there seems to be
a fair number of people who only want Nevow, hence this whole thread.

Thanks for clarifying where cred/guard should go.

L. Daniel Burr (amberite)

More information about the Twisted-web mailing list