On Tue, 21 Nov 2000 18:46:33 -0800 Chuq Von Rospach chuqui@plaidworks.com wrote:
At 4:29 PM -0800 11/21/00, J C Lawrence wrote:
For me WebDAV raises concerns centering around authentication and access security.
Authentication is a big bugaboo in general, which Barry and I have hashed around a bit. More on that someday, maybe.
FWLIW I see authentication visavis Mailman as a two level problem:
list activities (command confirmations) access control
The former can be handled with ad hod dynamically generated tokens much as subscribe confirms are handled now. I've posted some notes on good implementations on this previously (I liked the bit about auto-genning an URL that did the command confirmation). The latter just needs to be abstracted to a small script which accepts two command line parameters: UserID and Password. The user can then replace that script with anything he pleases, thus authenticating agsinst he pleases be it SQL, LDAP, or lunar weather sensors.
Ditto BTW holds tru for handling membership lists: just have a tool which when run returns the list of members. Simple command line options then spec returning account details, configs, etc. A little over head for text parsing, but not a whole lot (ObNote XML is a reasonable communications format). Simple, easy to extrapolate, nice efficient piped IO, etc.
-- J C Lawrence claw@kanga.nu ---------(*) : http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--