[Twisted-Python] Generally useful RFC2617

Ralph Meijer twisted at ralphm.ik.nu
Thu Nov 3 02:14:37 MST 2005


On Tue, Nov 01, 2005 at 09:57:53AM -0800, David Reid wrote:
> Currently in Twisted/sandbox/dreid/rfc2617.py (with unittests at
> test_rfc2617.py) there is an implementation of RFC 2617 HTTP
> Authentication: Basic and Digest based authentication. [..]
>
> 1) Where to put it?
> 
> In theory it should be in twisted core.  I just don't know where, and
> didn't want to check it in there somewhere only to have developers with
> more pull than I have to disagree, itamar suggested t.py.digest, dash
> seemed to agree, other suggestions were t.cred.digest, but I just don't
> know.

This appears to be implementing the server side. Correct?

I've been working on implementing SASL for Jabber and started with the
client side of SASL, with server side to follow later. I think we have
similar concerns and might join efforts.

SASL authentication is really a collection of different authentication
methods in a common framework.  Protocols like Jabber and IMAP define
their own profiles for encoding and communicating the different steps.
So I split my code in two parts:

 - for each mechanism a profile-agnostic implementation
 - a Jabber-specific wrapper that decodes and encodes using Base64 and
   does the protocol side.

The first should be usable for IMAP and other SASL-using protocols as
well, so we need to have a common location for this.

To get back to your stuff, the SASL Digest-MD5 mechanism, as described
in RFC 2831, is intended to be upward compatible with the md5-sess
algorithm of HTTP/1.1 Digest Access Authentication, so there is overlap
there.

As far as I know Twisted Cred now only concerns itself with the server
side of matching credentials to 'accounts', not with the interaction
between entities, like SASL, so we need to find our stuff a nice home.

-- 
Groetjes,

ralphm
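
The two-layer split described in the message above, as an added example that is not part of the original post and is not code from Twisted or from either author: a profile-agnostic DIGEST-MD5 client step (RFC 2831, qop=auth only) and a separate Jabber wrapper that does the Base64 and XML framing. The function names are hypothetical, and the sample values are the worked example from RFC 2831 section 4.

```python
import base64
import hashlib

XMPP_SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"


def _h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc=1, server_side=False):
    """Mechanism layer: hex 'response' (or server 'rspauth') value, qop=auth only.

    Assumes ASCII/UTF-8 inputs; RFC 2831's ISO 8859-1 fallback is not handled.
    """
    # A1 begins with the raw 16-byte digest of user:realm:password.
    a1 = _h(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    # The server's rspauth uses the same formula with an empty method in A2.
    a2 = (("" if server_side else "AUTHENTICATE") + ":" + digest_uri).encode()
    kd = f"{_h(a1).hex()}:{nonce}:{nc:08x}:{cnonce}:auth:{_h(a2).hex()}"
    return _h(kd.encode()).hex()


def digest_md5_message(username, realm, password, nonce, cnonce, digest_uri, nc=1):
    """Mechanism layer: the raw digest-response bytes, with no protocol framing.

    Assumes no value contains a double quote or backslash (no escaping is done).
    """
    response = digest_md5_response(username, realm, password, nonce, cnonce, digest_uri, nc)
    return (f'charset=utf-8,username="{username}",realm="{realm}",nonce="{nonce}",'
            f'nc={nc:08x},cnonce="{cnonce}",digest-uri="{digest_uri}",'
            f'response={response},qop=auth').encode()


def jabber_wrap(payload: bytes) -> str:
    """Profile layer: Jabber carries the mechanism bytes as Base64 inside XML."""
    b64 = base64.b64encode(payload).decode("ascii")
    return f"<response xmlns='{XMPP_SASL_NS}'>{b64}</response>"


# Sample input taken from the worked example in RFC 2831 section 4.
SAMPLE = dict(username="chris", realm="elwood.innosoft.com", password="secret",
              nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
              digest_uri="imap/elwood.innosoft.com")

if __name__ == "__main__":
    print(digest_md5_response(**SAMPLE))
    print(jabber_wrap(digest_md5_message(**SAMPLE)))
```

DIGEST-MD5 has since been moved to Historic status by RFC 6331, so this illustrates the layering rather than a mechanism to choose for new deployments.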