Porting the features of nevow.guard to twisted.web.guard
Hi gang, Per a short chat with exarkun (thanks exarkun), I'm posting this to the list for discussion. A project upon which I am working requires a twisted.web service that allows a user to delegate authentication/authorization to a third party, e.g., Facebook, Twitter, et cetera. In so doing, I've found myself missing nevow.guard, since web.guard currently only has out-of-the-box support for HTTP Auth. I'd like to see web.guard expand to cover more kinds of auth, such as form-based auth or the OAuth-based solutions coming from so many social graph sites. With this in mind, I asked exarkun about this, and he mentioned that the only thing he does not consider to be garbage in nevow.guard is the feature-set, and that I should port the features to web, discarding the baggage. I'd like to solicit the list for some guidance as to what those features are, or should be, and hopefully end up with a ticket describing the features to be implemented, which I will then attempt to implement and contribute to twisted.web. Thanks, Daniel -- L. Daniel Burr ldanielburr@mac.com (312) 656-8387
Hi, Daniel I'd very much support having more authN/authZ systems in web.guard. Ideally, also some support for xacml and nfsv3 acls. Ilja On 27 May 2011 21:47, L. Daniel Burr <ldanielburr@gmail.com> wrote:
Hi gang,
Per a short chat with exarkun (thanks exarkun), I'm posting this to the list for discussion.
A project upon which I am working requires a twisted.web service that allows a user to delegate authentication/authorization to a third party, e.g., Facebook, Twitter, et cetera. In so doing, I've found myself missing nevow.guard, since web.guard currently only has out-of-the-box support for HTTP Auth. I'd like to see web.guard expand to cover more kinds of auth, such as form-based auth or the OAuth-based solutions coming from so many social graph sites.
With this in mind, I asked exarkun about this, and he mentioned that the only thing he does not consider to be garbage in nevow.guard is the feature-set, and that I should port the features to web, discarding the baggage.
I'd like to solicit the list for some guidance as to what those features are, or should be, and hopefully end up with a ticket describing the features to be implemented, which I will then attempt to implement and contribute to twisted.web.
Thanks,
Daniel
-- L. Daniel Burr ldanielburr@mac.com (312) 656-8387
_______________________________________________ Twisted-web mailing list Twisted-web@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
On 27 May 2011, 06:47 pm, ldanielburr@gmail.com wrote:
Hi gang,
Per a short chat with exarkun (thanks exarkun), I'm posting this to the list for discussion.
A project upon which I am working requires a twisted.web service that allows a user to delegate authentication/authorization to a third party, e.g., Facebook, Twitter, et cetera. In so doing, I've found myself missing nevow.guard, since web.guard currently only has out-of-the-box support for HTTP Auth. I'd like to see web.guard expand to cover more kinds of auth, such as form-based auth or the OAuth-based solutions coming from so many social graph sites.
With this in mind, I asked exarkun about this, and he mentioned that the only thing he does not consider to be garbage in nevow.guard is the feature-set, and that I should port the features to web, discarding the baggage.
I'd like to solicit the list for some guidance as to what those features are, or should be, and hopefully end up with a ticket describing the features to be implemented, which I will then attempt to implement and contribute to twisted.web.
Hiya Daniel, This didn't generate as much discussion as I hoped. :) However, I think you went ahead and started a project - txsomethingsomething? How is that working out? Jean-Paul
Hi Jean-Paul, On Tue, 03 Jan 2012 08:24:20 -0600, <exarkun@twistedmatrix.com> wrote:
On 27 May 2011, 06:47 pm, ldanielburr@gmail.com wrote:
Hi gang,
Per a short chat with exarkun (thanks exarkun), I'm posting this to the list for discussion.
A project upon which I am working requires a twisted.web service that allows a user to delegate authentication/authorization to a third party, e.g., Facebook, Twitter, et cetera. In so doing, I've found myself missing nevow.guard, since web.guard currently only has out-of-the-box support for HTTP Auth. I'd like to see web.guard expand to cover more kinds of auth, such as form-based auth or the OAuth-based solutions coming from so many social graph sites.
With this in mind, I asked exarkun about this, and he mentioned that the only thing he does not consider to be garbage in nevow.guard is the feature-set, and that I should port the features to web, discarding the baggage.
I'd like to solicit the list for some guidance as to what those features are, or should be, and hopefully end up with a ticket describing the features to be implemented, which I will then attempt to implement and contribute to twisted.web.
Hiya Daniel,
This didn't generate as much discussion as I hoped. :) However, I think you went ahead and started a project - txsomethingsomething? How is that working out?
Jean-Paul
There is a project, https://github.com/minskmaz/txWebAuth, to which I contributed a tiny amount of code. Neither the main author nor myself have done much to progress the work, but there is a rudimentary design in place at least. The only major difference between txWebAuth and guard is some widening of the ICredentialFactory interface, which is necessary to allow for form-based and OAuth flows. Thanks, Daniel
On Jan 3, 2012, at 10:38 AM, L. Daniel Burr wrote:
Hi Jean-Paul,
On Tue, 03 Jan 2012 08:24:20 -0600, <exarkun@twistedmatrix.com> wrote:
On 27 May 2011, 06:47 pm, ldanielburr@gmail.com wrote:
Hi gang,
Per a short chat with exarkun (thanks exarkun), I'm posting this to the list for discussion.
A project upon which I am working requires a twisted.web service that allows a user to delegate authentication/authorization to a third party, e.g., Facebook, Twitter, et cetera. In so doing, I've found myself missing nevow.guard, since web.guard currently only has out-of-the-box support for HTTP Auth. I'd like to see web.guard expand to cover more kinds of auth, such as form-based auth or the OAuth-based solutions coming from so many social graph sites.
With this in mind, I asked exarkun about this, and he mentioned that the only thing he does not consider to be garbage in nevow.guard is the feature-set, and that I should port the features to web, discarding the baggage.
I'd like to solicit the list for some guidance as to what those features are, or should be, and hopefully end up with a ticket describing the features to be implemented, which I will then attempt to implement and contribute to twisted.web.
Hiya Daniel,
This didn't generate as much discussion as I hoped. :) However, I think you went ahead and started a project - txsomethingsomething? How is that working out?
Jean-Paul
There is a project, https://github.com/minskmaz/txWebAuth, to which I contributed a tiny amount of code. Neither the main author nor myself have done much to progress the work, but there is a rudimentary design in place at least. The only major difference between txWebAuth and guard is some widening of the ICredentialFactory interface, which is necessary to allow for form-based and OAuth flows.
Thanks for the update, Daniel. If that's really all there is to it, would this widening of ICredentialFactory be appropriate to just include in Twisted? Would that help OAuth (and its ilk) move forward in the txEcosystem? -glyph
Hi Glyph, On Wed, 04 Jan 2012 19:40:45 -0600, Glyph <glyph@twistedmatrix.com> wrote:
On Jan 3, 2012, at 10:38 AM, L. Daniel Burr wrote:
[SNIP]
Hi Jean-Paul,
There is a project, https://github.com/minskmaz/txWebAuth, to which I contributed a tiny amount of code. Neither the main author nor myself have done much to progress the work, but there is a rudimentary design in place at least. The only major difference between txWebAuth and guard is some widening of the ICredentialFactory interface, which is necessary to allow for form-based and OAuth flows.
Thanks for the update, Daniel.
If that's really all there is to it, would this widening of ICredentialFactory be appropriate to just include in Twisted? Would that help OAuth (and its ilk) move forward in the txEcosystem?
-glyph
That's the only change to an existing twisted interface. The rest can be done via checkers and appropriate guard-style wrapper resources. The change to ICredentialFactory is so tiny that I don't know if there is any meaningful benefit to making that change in twisted proper, but I'm fine with whatever works for the interested parties. Thanks, L. Daniel Burr
participants (5)
-
exarkun@twistedmatrix.com -
Glyph -
Ilja Livenson -
L. Daniel Burr -
L. Daniel Burr