What ever happened...


Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Hmm... push versus pull. My idea is that the authenticator passes off as much data (not just a bool of whether or not they authenticated) to the authorizer, but the authorizer could manage the creation of the authenticator and add those stipulations so it ends up with a boolean answer.

Which seems more natural to you?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

What do you mean, can you prove it???
Scenario #1 (simple 1d auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. I know the password only Bruce knows (here it is: '********'), thus, rest assured, me is him.
*Server checks the data*
Server responds: Welcome, Bruce!

Scenario #2 (classic 3d auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. I know the password only Bruce knows (here it is: '*********'), I have the hardware token issued to him (*inserting the token into the reader*), moreover, here is my retinal scan (*opening the eye for the scanner to scan*) you could check against your database, thus, rest assured, me is him.
*Server checks the data*
Server responds: Welcome, Bruce!

Scenario #3 (delegated auth)
Server asks: Who are you?
I respond: I'm Bruce Weirdan.
Server asks: Can you prove that?
I respond: Yeah, of course. There's an authority you trust, they know me and could confirm my identity, thus, rest assured, me is him.
*Server asks the authority*
Server responds: Welcome, Bruce!

... and so on.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Which seems more natural to you?
I prefer a declarative interface, so instead of writing something like this:

if($auth->isLoggedIn() && $auth->hasPrivilege(VIEW_TOP_SECRET_STUFF)) {
   // show top secret stuff
}

I would rather use something along the lines of:

restricted_area();
required_privilege(VIEW_TOP_SECRET_STUFF);
// show top secret stuff

It's pretty inflexible, yet clear and simple.
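
One way the declarative guards named in the post above can behave, as an added example that is not code from anyone in this thread: each guard throws instead of returning a bool, so the protected code is unreachable unless every guard passed. `AuthContext`, `AccessDenied`, `show_top_secret_stuff()` and the user array layout are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical implementation of restricted_area() and
// required_privilege(). AuthContext, AccessDenied and the user array are assumed.
const VIEW_TOP_SECRET_STUFF = 'view_top_secret_stuff';

class AccessDenied extends RuntimeException {}

// Filled in by the authenticator; null means "nobody is logged in".
final class AuthContext { public static ?array $user = null; }

// Guard: execution continues past this call only for an authenticated user.
function restricted_area(): void
{
    if (AuthContext::$user === null) {
        throw new AccessDenied('authentication required', 401);
    }
}

// Guard: re-checks authentication itself, so omitting restricted_area()
// in a page still fails closed instead of reading privileges of nobody.
function required_privilege(string $privilege): void
{
    restricted_area();
    $granted = AuthContext::$user['privileges'] ?? [];
    if (!in_array($privilege, $granted, true)) {
        throw new AccessDenied("missing privilege: $privilege", 403);
    }
}

function show_top_secret_stuff(): string
{
    restricted_area();
    required_privilege(VIEW_TOP_SECRET_STUFF);
    return 'top secret stuff';   // reached only if both guards passed
}

// Constructed sample users, one per outcome.
$cases = [
    'anonymous'            => null,
    'bruce (no privilege)' => ['name' => 'Bruce', 'privileges' => []],
    'bruce (privileged)'   => ['name' => 'Bruce', 'privileges' => [VIEW_TOP_SECRET_STUFF]],
];
foreach ($cases as $label => $user) {
    AuthContext::$user = $user;
    try {
        echo "$label: ", show_top_secret_stuff(), PHP_EOL;
    } catch (AccessDenied $e) {
        echo "$label: denied ({$e->getCode()}) {$e->getMessage()}", PHP_EOL;
    }
}
```

A single top-level handler can map the exception code to a login redirect or an error page, which keeps the per-page code as short as the two guard calls.
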
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

It's pretty inflexible, yet clear and simple.
Inflexible yes...clear...is debatable...simple is relative...so is an imperative approach to solving this problem...both are easy to understand when given the context of the section of code, but without that, the former makes much more sense...

Cheers :)
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

but without that, the former makes much more sense...
Debatable as well :D