dotgnu-auth

[Auth]meeting notes and LOC


From: david nicol
Subject: [Auth]meeting notes and LOC
Date: Wed, 10 Jul 2002 00:44:29 -0500

## BEGIN PERL CODE


use DirDB;      # or any other concurrent-access-safe
                # persistent hash abstraction
use CGI::AIS::Session;
my $Session = Authenticate(
        aissri  => 'http://www.pay2send.com/cgi/ais/',
        tieargs => ['DirDB', './data_Sessions'],
        XML     => ['name','age','region','gender'],
        agent   => 'Bollow', # this is the password for the AIS service, if needed
        # a four-hour timeout is passed only when $$ (the PID) is a multiple
        # of 100; every other process takes the module's default
        ( $$ % 100 ? () : (timeout => 4 * 3600))
);
if($Session->{identity} eq 'NULL'){
        # no identity yet: bounce the user to the AIS login page
        print "Location: http://www.pay2send.com/cgi/ais/login\n\n";
        exit;
}elsif($Session->{identity} eq 'ERROR'){
        # the authentication layer itself failed; say so and stop
        print "Content-type: text/plain\n\n";
        print "There was an error with the authentication layer",
         " of this web service: $Session->{error}\n\n",
         "please contact $ENV{SERVER_ADMIN} to report this.";
        exit;
};

# per-user data lives in a directory named after the identity, so the
# identity string handed back by AIS must never contain '/' or '..'
tie my %UserData, 'DirDB', "./data_Users/$Session->{identity}";


## END PERL CODE


That's using what's on CPAN right now.  The two special cases both
would be better handled as thrown exceptions, yes?

The proposal is to adopt the interface of 

        use (something)

        $Identity_object = Authenticate ( per-something data here )

as the Official Perl Client Binding of an authentication method.  I'm
not hung up on my own particular implementation of the handshake,
although it does work.

I think requiring users to get additional software is not acceptable.
Cookies provide plenty of data.

Rewriting the AIS client module in another language should be easy
enough.  A C version could be linked into anything else.  Setting it up
as an Apache mod_auth module would work too although I'm not sure how to
do that.

If nobody has anything to say in defense of "Weak" authentication as
described in previous message I will go ahead and rewrite to "Strong"
semantics with thrown exceptions and the example AIS server will not
return without an identity unless given explicit user-instruction to do
so -- something like "click here to continue without an identity, if
that is allowed by the web service you are accessing."



-- 
"You look like you could have slept with Iggy Stooge" -- Cher U.K.
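The "Strong" semantics proposed in the message above, sketched as an added example (this is not the CGI::AIS::Session code from CPAN or the AIS server; the package names AIS::Exception, AIS::Exception::NoIdentity, AIS::Exception::Error and AIS::Identity, the in-memory %Sessions hash standing in for the tied DirDB store, the cookie-to-session lookup and the session-record layout are all assumptions made for this illustration). Authenticate() either returns an identity object or dies with a typed exception, so the caller never compares against a 'NULL' or 'ERROR' sentinel, and a missing, unknown or expired session is kept distinct from a broken auth layer:

```perl
#!/usr/bin/perl
# Added example of an Authenticate() binding that throws instead of
# returning 'NULL'/'ERROR'.  All package names and the session layout
# below are assumptions, not the AIS project's own code.
use strict;
use warnings;

package AIS::Exception;                 # base class for everything Authenticate throws
sub new     { my ($class, %a) = @_; bless { %a }, $class }
sub throw   { my $class = shift; die $class->new(@_) }
sub message { $_[0]{message} }

package AIS::Exception::NoIdentity;     # user is not logged in: send to login
our @ISA = ('AIS::Exception');

package AIS::Exception::Error;          # the authentication layer itself failed
our @ISA = ('AIS::Exception');

package AIS::Identity;                  # what Authenticate returns on success
sub new      { my ($class, %a) = @_; bless { %a }, $class }
sub identity { $_[0]{identity} }
sub data     { $_[0]{data} }

package main;

# Authenticate(sessions => \%store, cookie => $value, XML => [fields],
#              timeout => seconds) -> AIS::Identity, or dies.
sub Authenticate {
    my %arg      = @_;
    my $sessions = $arg{sessions}
        or AIS::Exception::Error->throw(message => 'no session store given');
    my $timeout  = $arg{timeout} || 4 * 3600;   # four hours, as in the message
    my $now      = $arg{now} || time;

    my $cookie = $arg{cookie};
    AIS::Exception::NoIdentity->throw(message => 'no session cookie')
        unless defined $cookie && length $cookie;

    my $sess = $sessions->{$cookie}
        or AIS::Exception::NoIdentity->throw(message => 'unknown session');

    # a malformed record is a fault in the auth layer, not a logged-out user
    AIS::Exception::Error->throw(message => "session has no 'identity' field")
        unless ref $sess eq 'HASH' && defined $sess->{identity};

    if ($now - $sess->{started} > $timeout) {
        delete $sessions->{$cookie};             # expire it server-side as well
        AIS::Exception::NoIdentity->throw(message => 'session expired');
    }

    # the caller builds a filesystem path from the identity, so only a
    # plain token is acceptable; '.' and '..' are refused explicitly
    AIS::Exception::Error->throw(message => 'identity is not a plain token')
        unless $sess->{identity} =~ /\A[A-Za-z0-9_.@-]+\z/
            && $sess->{identity} !~ /\A\.+\z/;

    return AIS::Identity->new(
        identity => $sess->{identity},
        data     => { map { $_ => $sess->{$_} } @{ $arg{XML} || [] } },
    );
}

# Constructed session store standing in for the tied DirDB hash.
my %Sessions = (
    'abc123' => { identity => 'nicol', started => time - 60,
                  name => 'david', region => 'KC' },
    'old999' => { identity => 'someone', started => time - 5 * 3600 },
    'bad000' => { started => time },              # record with no identity
);

# The CGI handler: one eval around Authenticate, dispatch on exception class.
sub handle_request {
    my ($cookie) = @_;
    my $Session = eval {
        Authenticate(sessions => \%Sessions, cookie => $cookie,
                     XML => ['name', 'region'], timeout => 4 * 3600);
    };
    if (my $err = $@) {
        if (ref $err && $err->isa('AIS::Exception::NoIdentity')) {
            return "Location: http://www.pay2send.com/cgi/ais/login\n\n";
        }
        my $msg = ref $err ? $err->message : $err;
        return "Content-type: text/plain\n\n"
             . "There was an error with the authentication layer of this"
             . " web service: $msg\n";
    }
    return "Content-type: text/plain\n\nhello " . $Session->identity
         . " (" . ($Session->data->{name} || '?') . ")\n";
}

print handle_request($_) for 'abc123', 'old999', 'bad000', undef;
```

Run as-is, the four sample requests exercise each branch: a live session yields a greeting, the expired and missing cookies yield the login redirect, and the record without an identity yields the "error with the authentication layer" page. Because NoIdentity and Error are distinct classes, a service that is allowed to run without an identity can catch only NoIdentity and continue, while a genuine failure of the auth layer still surfaces.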

