Page 1 of 1
Specification for Authentication Flow
Posted: Wed Jul 12, 2006 8:24 pm
by Ambush Commander
I've been working on this for a bit of time, and I think now it's time to field it for some comments.
Authentication flow - AuthTools Notes
Comments please. If you can't bring yourself to read it, that's a problem too, which means that I haven't made reading it delightful enough.

Posted: Wed Jul 12, 2006 10:40 pm
by Christopher
It seems like a sufficient coverage of this issues and requirements for a Authentication library.
The part I am suspicious of is the sub-session -- mainly because of you argue a little to strongly for it. My sense is that you have talked yourself into that design, but probably only multiple sessions are needed -- if that.
Posted: Wed Jul 12, 2006 10:42 pm
by Benjamin
Seems very well written, I'll read the entire thing when I have more time.
Posted: Wed Jul 12, 2006 10:46 pm
by Ambush Commander
The part I am suspicious of is the sub-session -- mainly because of you argue a little to strongly for it. My sense is that you have talked yourself into that design, but probably only multiple sessions are needed -- if that.
Arguing strongly for it?

Perhaps I was arguing too strongly against sub-subsessions. You're correct however: subsessions are very much an extra feature. However, I couldn't figure out any way to implement it logically with only hooks, so I made concessions in the core code.
Actually, multiple sessions where the original plan, but I realized that each of these would then have it's own authentication status, and it made more sense to delegate that to one session.
Subsessions are an interesting feature, but I can't see most systems implementing more than one of them.
Seems very well written, I'll read the entire thing when I have more time.
Thanks.
Posted: Thu Jul 13, 2006 1:03 am
by Christopher
Ambush Commander wrote:Actually, multiple sessions where the original plan, but I realized that each of these would then have it's own authentication status, and it made more sense to delegate that to one session.
Sounds more like you could have a SessionManager (or more specific: SessionStatusManager) that took care of just that. Probably just renaming them (from Session/Subsession to SessionManager/Session) might make sense if that is what they are. The problem with the name sub-session is that it sounds like component/composite thing when you clearly state that it is not.
Posted: Thu Jul 13, 2006 6:56 am
by Ambush Commander
Probably just renaming them (from Session/Subsession to SessionManager/Session) might make sense if that is what they are.
The trouble with that is that SessionManager is still a session in its own right, so that name is misleading too.
The problem with the name sub-session is that it sounds like component/composite thing when you clearly state that it is not.
It is a component thing. It's not a composite thing.
Maybe if I just found a different name for subsession... (but I am a bit attached to that name, unfortunantely)