[Mailman-Developers] Browser ID integration with Mailman

[Florian Fuchs]

Hi,
 
On Tuesday, February 21, 2012 02:28 CET, Barry Warsaw <barry at list.org> wrote: 

> Even if we came up with a way
> to extend the core schema and store the data in the core, how would you access
> it?  There would probably have to be a generic REST API for getting key/value
> data associated with the user in and out of the core.

Hmm, that doesn't sound like you particularly like that scenario. ;-)
I'm not sure if it's a really good idea to use the core as a general data store. If user data (or even list data) is augmented with information the core doesn't need to operate, why not use a second data source. After all we have a system at hand (django) that's designed to do that. 

I kind of liked the idea of an optional "bare-bones" version web ui that doesn't need anything more than the core API to do its tasks. But of course there are many use cases beyond that. 

> I've have a similar question when it comes to authorization.  Just where to do
> we keep the authorization mapping users and roles to actions they can perform?

I'm not sure if that's what you mean, but I would say that depends on who the main authority is for, say, assigning a role to a certain user for instance. What if I revoke the moderator role from a member via the command line (I don't think that's currently possible, but let's say it is...). The core would have no way of actively inform the web ui (or possibly all the many different web ui installations, apps etc...) that this privilege has been revoked. So I'd say this is some information the web ui would have to request from the core.

> I'm very close to punting on this for 3.0 beta (and thus likely for 3.0
> final), though I'm also happy to revisit it during the Pycon sprint (likely
> for a hypothetical 3.1).

Aahhh, the Pycon sprint... :-)

Cheers
Florian