On 03/26/2012 11:37 PM, David Jeske wrote:

CSLA doesn't currently have any concept server-auth. The only stateful features it has are view-preferences and read-state, neither of which are important enough to require a password. It uses a password-less system which uses cookies for prefs and a 'read state userid' which a user can manually set if they want. I like it, because it doesn't require login to get some basic browsing prefs and features.

Hooking up an auth system would be necessary for some of the editing ideas in the document I read, or to allow online posting.

So Postorius (the webUI) has a sketch of an auth system using BrowserID at the moment. BrowserID is convenient 'cause it proves you have ownership of a given email address, but we should have OpenID working soon once we've got the code to confirm that a given OpenID can be associated with an email address.

We should do a little thinking about how to make sure that the archives system can make use of the webui authentication. In theory, you could just use the same browserID/etc. and perform authentication again to provide a single sign on with the same tokens, but we can probably do something nicer by sharing the webui django accounts.

Terri