On 12-07-10 11:12 PM, Stephen J. Turnbull wrote:
But isn't that going to take us a long way down the road where we anoint Postorius the one-and-only admin interface? If that really needs to be, OK, but I don't much like it. Among other things, it will make the design and detailed UI of Postorius a focus of discussion for everybody concerned with Mailman 3. And it makes the option to "build one to throw away" much more difficult -- the design decisions already made, and will be made in the near future, will probably live as long as Pipermail has (and Pipermail will continue for several more years, at least!)
I think it may be possible that the core authentication stuff can be pushed into REST without tying us to postorius forever, but I haven't got it quite set in my head how that will go yet.
Right now, Postorius can do logins based on email/password pairs in REST.
We'd like to do BrowserID, which only needs the email (and we're trusting the browser to do the authentication) so that shouldn't be a problem. BrowserID was not completely implemented when I last played in there... unless someone else has finished the hookup, please do not assume that it's fully working and feel free to file bugs so what's not working is clearly indicated somewhere other than my head. ;) Right now, it generates a login, but has no useful interaction with REST settings.
We'd also like to do openid, which means we need to somehow associate an openid token with an email address.
So right now, postorius needs email address, username (for direct authentication), and potentially a list of openid or other tokens.
That's a small enough list that we may be able to justify making mailman core aware of a small token list (or a single openid token?), or we can let postorius handle that and have core only understand "I am the owner of this email address -- let me see the associated settings of me." I think my preference would be to have mailman understand more than email/password authentication, because I think it'll make things easier and not have us duplicating data in hyperkitty etc, though.
The messy part, IMO, is what to do with the non-authentication user data. I'm guessing we'll probably want some sort of theme preference data (possibly shared between postorius/hyperkitty/others?). Not sure what else. That stuff... really doesn't have much place in core, but probably will need to be shared between several web components... do we have a second REST server for user data?