Ticket #712 (closed enhancement: invalid)

Opened 6 years ago

Last modified 2 years ago

cred for foolscap

Reported by: warner Owned by: warner
Priority: low Milestone:
Component: foolscap Keywords:
Cc: glyph, warner Branch:
Author: Launchpad Bug:

Description


Change History

Changed 6 years ago by warner 

glyph said he would look into cred for newpb. The basic PBClientFactory
.getObjectNamed/.getRootObject functionality is there, ready for .login to be
built on top of it.

pb.getRemoteURL/.callRemoteURL are related, and need work too

Changed 5 years ago by glyph 

Apparently I lied.  Um.  Cleaning out my queue.  Did you do this sometime in the
last 13 months?

Changed 5 years ago by warner 

Nope, it still needs to be done. Tag!

I lied too: .getObjectNamed/.getRootObject/.getRemoteURL/.callRemoteURL are
gone. The new approach is all about tubs (i.e. PBService) and URLs. One side
creates a tub and does .registerReference(target, name=OPTIONAL), which returns
a URL. The other side creates a tub and does .getReference(URL), which
eventually provides a RemoteReference.

I think cred should be layered on top, (and in a separate module, probably
twisted.pb.cred), so you create a PBRealm and give it checkers and stuff, then
do .registerReference(pbrealm, name="login"). The client end can have a function
that accepts a tub, a target URL, and your credentials.

I'm undecided about whether it is a good idea to expand upon the cred practice
of using Interfaces to distinguish "what" you want to connect to. If we do it,
we should probably use RemoteInterfaces instead, since every RemoteReference
that PB can return will implement the same (normal) Interfaces.

I'd like to see an example of how this stuff should be used first. The one thing
to remember is that we have secure references now, so we can support both
identity-based (i.e. cred) and capability-based (i.e. URL) access models.

Changed 4 years ago by glyph

  • owner changed from glyph to warner

I have no idea what to do about this at this point; does newpb have auth and such?

Changed 4 years ago by warner

  • priority changed from normal to low
  • component changed from pb to foolscap
  • summary changed from [newpb] cred for newpb to cred for foolscap

no, there's no cred in foolscap. It might be useful (for cred-aware programmers or apps) to build a cred-like layer on top of the basic capabilities that foolscap provides.

Everything I've written with foolscap so far has been more capabilities-based: each client gets to know a different secret URL that gives them access to their account, and this URL is what they store rather than a username/password.

Changed 4 years ago by exarkun

A secret URL is just a different authentication mechanism. Cred isn't primarily concerned with username/password authentication. Authentication is part of it, but authorization is present just as much: deciding what someone can do after they have authenticated is also a big part.

Changed 2 years ago by exarkun

  • status changed from new to closed
  • resolution set to invalid

 Foolscap issue tracker

Changed 2 years ago by warner

 http://foolscap.lothar.com/trac/ticket/69 is the new Foolscap ticket for this.

Note: See TracTickets for help on using tickets.