[Mailman-Developers] Re: Future of pipermail?

J C Lawrence claw@kanga.nu
Tue, 21 Nov 2000 22:53:10 -0800


On Tue, 21 Nov 2000 18:46:33 -0800 
Chuq Von Rospach <chuqui@plaidworks.com> wrote:

> At 4:29 PM -0800 11/21/00, J C Lawrence wrote:
>> For me WebDAV raises concerns centering around authentication and
>> access security.

> Authentication is a big bugaboo in general, which Barry and I have
> hashed around a bit. More on that someday, maybe.

FWLIW I see authentication vis-a-vis Mailman as a two-level problem:

  list activities (command confirmations)
  access control

The former can be handled with ad hoc dynamically generated tokens
much as subscribe confirms are handled now.  I've posted some notes
on good implementations on this previously (I liked the bit about
auto-genning an URL that did the command confirmation).  The latter
just needs to be abstracted to a small script which accepts two
command line parameters: UserID and Password.  The user can then
replace that script with anything he pleases, thus authenticating
against whatever he pleases, be it SQL, LDAP, or lunar weather sensors.

Ditto BTW holds true for handling membership lists: just have a tool
which when run returns the list of members.  Simple command line
options then spec returning account details, configs, etc.  A little
overhead for text parsing, but not a whole lot (ObNote XML is a
reasonable communications format).  Simple, easy to extrapolate,
nice efficient piped IO, etc.

-- 
J C Lawrence                                       claw@kanga.nu
---------(*)                        : http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--
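
Added example, not part of the original message and not Mailman's own code: one way to build the dynamically generated confirmation token and auto-generated confirmation URL described above, as a keyed MAC over the command, list, address and expiry time. The secret, the endpoint URL, the parameter names and both function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"            # assumption: per-site secret, kept server-side
BASE_URL = "https://lists.example.org/confirm"  # hypothetical confirmation endpoint


def _mac(action, listname, address, expires):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (s.encode() for s in (action, listname, address, str(expires)))
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_confirm_url(action, listname, address, ttl=3 * 86400, now=None):
    """Return a URL whose token authorises one specific command until expiry."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({
        "action": action, "list": listname, "addr": address,
        "exp": expires, "tok": _mac(action, listname, address, expires),
    })
    return f"{BASE_URL}?{query}"


def verify_confirm_url(url, now=None):
    """Return (action, list, addr) if the token is valid and unexpired, else None."""
    q = parse_qs(urlsplit(url).query)
    try:
        action, listname, address = q["action"][0], q["list"][0], q["addr"][0]
        expires, token = int(q["exp"][0]), q["tok"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    if (time.time() if now is None else now) > expires:
        return None  # token has expired
    expected = _mac(action, listname, address, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    return action, listname, address
```

The token is stateless, so it stays valid for replay until `exp`; a command that is not idempotent also needs a server-side record of tokens already used.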