Hmm... push versus pull. My idea is that the authenticator passes off as much data (not just a bool of whether or not they authenticated) to the authorizer, but the authorizer could manage the creation of the authenticator and add those stipulations so it ends up with a boolean answer.
Which seems more natural to you?
What ever happened...
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
What do you mean, can you prove it???
Scenario #1 (simple 1d auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. I know the password only Bruce knows (here it is: '********'), thus, rest assured, me is him.
*Server checks the data*
Server responds: Welcome, Bruce!
Scenario #2 (classic 3d auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. I know the password only Bruce knows (here it is: '*********'), I have the hardware token issued to him (*inserting the token into the reader*), moreover, here is my retinal scan (*opening the eye for scanner to scan*) you could check against your database, thus, rest assured, me is him.
*Server checks the data*
Server responds: Welcome, Bruce!
Scenario #3 (delegated auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. There's an authority you trust, they know me and could confirm my identity, thus, rest assured, me is him.
*Server asks the authority*
Server responds: Welcome, Bruce!
... and so on.
Which seems more natural to you?
I prefer a declarative interface, so instead of writing something like this:
Code:
if ($auth->isLoggedIn() && $auth->hasPrivilege(VIEW_TOP_SECRET_STUFF)) {
    // show top secret stuff
}
Code:
restricted_area();
required_privilege(VIEW_TOP_SECRET_STUFF);
// show top secret stuff
- alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
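The declarative guards discussed in the thread, sketched so that they fail closed and the authorizer receives the authenticator's full result rather than a bool. This is an added example, not code from the thread: the function bodies, AuthResult, AccessDenied, current_auth() and the $minFactors parameter are assumptions, and it needs PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Added example. Only restricted_area(), required_privilege() and
// VIEW_TOP_SECRET_STUFF appear in the thread; everything else is hypothetical.
const VIEW_TOP_SECRET_STUFF = 'view_top_secret_stuff';

final class AccessDenied extends RuntimeException {}

// What the authenticator hands over: identity plus how it was proven.
final class AuthResult
{
    public function __construct(
        public readonly string $user,
        public readonly array $factors,     // e.g. ['password', 'token', 'retina']
        public readonly array $privileges,
    ) {}
}

// Request-scoped holder for the authenticator's result (null = anonymous).
function current_auth(?AuthResult $set = null): ?AuthResult
{
    static $auth = null;
    if ($set !== null) { $auth = $set; }
    return $auth;
}

// A guard throws instead of returning false, so a caller that forgets to
// check a return value cannot fall through to the protected code.
function restricted_area(): void
{
    if (current_auth() === null) { throw new AccessDenied('authentication required'); }
}

function required_privilege(string $privilege, int $minFactors = 1): void
{
    restricted_area();
    $auth = current_auth();
    if (!in_array($privilege, $auth->privileges, true)) { throw new AccessDenied("missing privilege: $privilege"); }
    if (count($auth->factors) < $minFactors) { throw new AccessDenied("needs $minFactors factors"); }
}

// Constructed sample: Bruce holds the privilege but proved only a password.
current_auth(new AuthResult('bruce', ['password'], [VIEW_TOP_SECRET_STUFF]));
try {
    required_privilege(VIEW_TOP_SECRET_STUFF, 3);   // stipulation: 3-factor login
    echo "top secret stuff\n";
} catch (AccessDenied $e) {
    echo 'denied: ', $e->getMessage(), "\n";
}
```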