2009/3/11 Martijn Faassen <faassen@startifact.com>:
Dan Korostelev wrote:
2009/3/11 Roger Ineichen <dev@projekt01.ch>:
Betreff: [Zope-dev] Proposal: refactoring of zope.app.security
- Move IAuthentication and other interfaces into new zope.authentication package. Also move there PrincipalSource and the "checkPrincipal" utility function. Also move there the PrincipalTerms class, however that will add dependency on zope.browser (which is really really tiny, as you may know). Should we move the password "managers" registry and vocabulary to zope.authentication too?
No, I think they need to be just moved back into zope.password. The zope.authentication is expected to be tiny package that contains only interface definitions and PrincipalSource.
You would expect from the naming that bits of zope.app.authentication would end up in zope.authentication as well.
Yep, that can be expected from the naming, but really, zope.app.authentication is just one of implementations, like z3c.authenticator and we need a package that contains IAuthentication interface & co. that are currently contained in zope.app.security. I think that there's no better name for that package than zope.authentication.
I think that at least some of the bits in zope.app.authentication could be factored into something like zope.pluggableauth though.
I agree. However, may be the better name is zope.pluggableauthentication? Anyway, that can be done later. There's no need to touch zope.app.authentication to do zope.app.security refactorings, when zope.password is now extracted -- WBR, Dan Korostelev