[Zope-dev] Proposal: refactoring of zope.app.security

Dan Korostelev nadako at gmail.com
Wed Mar 11 11:00:59 EDT 2009


2009/3/11 Martijn Faassen <faassen at startifact.com>:
> Dan Korostelev wrote:
>> 2009/3/11 Roger Ineichen <dev at projekt01.ch>:
>>>> Betreff: [Zope-dev] Proposal: refactoring of zope.app.security
>>>>
>>>> - Move IAuthentication and other interfaces into new
>>>> zope.authentication package. Also move there PrincipalSource and the
>>>> "checkPrincipal" utility function. Also move there the PrincipalTerms
>>>> class, however that will add dependency on zope.browser (which is
>>>> really really tiny, as you may know).
>>> Should we move the password "managers" registry and vocabulary
>>> to zope.authentication too?
>>
>> No, I think they need to be just moved back into zope.password. The
>> zope.authentication is expected to be tiny package that contains only
>> interface definitions and PrincipalSource.
>
> You would expect from the naming that bits of zope.app.authentication
> would end up in zope.authentication as well.

Yep, that can be expected from the naming, but really,
zope.app.authentication is just one of implementations, like
z3c.authenticator and we need a package that contains IAuthentication
interface & co. that are currently contained in zope.app.security. I
think that there's no better name for that package than
zope.authentication.

> I think that at least some of the bits in zope.app.authentication could
> be factored into something like zope.pluggableauth though.

I agree. However, may be the better name is
zope.pluggableauthentication? Anyway, that can be done later. There's
no need to touch zope.app.authentication to do zope.app.security
refactorings, when zope.password is now extracted

-- 
WBR, Dan Korostelev


More information about the Zope-Dev mailing list