[Mailman-Developers] User-centric authentication and access control

[Stephen J. Turnbull]

Waldbieser, Carl writes:

 > I would like to actually move the authentication and role
 > management *outside* of mailman and have the administrative
 > interface consume the role based information from external sources
 > (e.g. LDAP, CAS or SAML2 attribute release), so I am looking for a
 > more "pluggable" authentication and access management architecture.
 > 
 > Does anything like this exist for Mailman, or is it on the roadmap?
 > Are there technical guidelines for how one might contribute toward
 > something like this?

Andrew Stuart (who replied on mailman-users to direct you here) has
been working on something like that.  However, there's a problem here
that there seem to be a number of different use cases, which are not
sufficiently well-understood to specify separate authentication and/or
authorization modules that could be "adapters" for external
authentication and authorization sources.

There's also the problem that Mailman core itself (the user and list
manager, and mail distribution functionality) doesn't really have any
authentication at all.  The Postorius front-end uses an external
authentication mechanism (Mozilla Persona) but the authorization
information is kept in Mailman core.

So we need requirements and specifications.  For your purposes, you
might look at Andrew's work; much of it might be adaptable to your
needs.