[Zope] new proposal with Verisign CA (was radius authentication instead of flatfile or userdb?)

Clarence ctpate@uronramp.net
Thu, 09 Sep 1999 18:57:25 -0500


I would like to thank everyone in advance for the help I have received,
and the help I might receive in the future.

The radius/SecurID thing was my idea, but I was approached this
afternoon by someone else who would rather have certificate
authentication from a Verisign Certificate Authority.

The project involves a process for authorizing requests for items. 
Everyone has lots of paperwork to fill out to requisition stuff.  Many
different people authorize different items.  Sometimes, multiple people
have to authorize one item.

I have toyed with ODBC database connections with Zope 1.10, and I have
created some request forms which e-mail the request information to my
e-mail address.  These are small potatoes compared to this new project. 
I have not integrated Zope with Apache or any other web server.

New project ideas:

1) create web request forms
  a) primary page requests userid (everyone has a userid)
  b) look up userid in Netscape LDAP database (Does LDAP adapter work
with Netscape LDAP?)
  c) display user information - give options for request forms
  d) user chooses and fills out request form

2) create methods to operate on data in request form
  a) move request form information to database (is it better to stay in
zope or move to sql database?)
  b) notify authorizers they have forms to authorize
  c) authorizer logs into zope with certificate from Verisign (does
anyone know if apache/stronghold or other will work with Verisign CA?)
  d) authorizer is presented with a queue of forms to authorize
  e) authorizer signature/certificate is stored along with form data for
proof of authorization (again, is it better to stay in zope with this
information or move to sql.  This information will be very critical and
should be stored in the safest location with regular backups.)
  f) notify user of approval or denial


Questions:

Since I am not a Python programmer, how hard will this be to accomplish?

Can it be accomplished without Python - just dtml and some Zclasses?

Roughly, how long will this possibly take (I will be learning all the
new Zope 2 stuff along the way.  Zope 1 stuff is not too difficult.) if
this is the only project that I am coding?

Would these assumptions work - use apache/stronghold for certificate
stuff and pass this through to zope for login;  use portal toolkit to
present authorization queue to authorizer when he logs in to zope?

I have not looked at portal toolkit.  How are users stored?

If possible, how would I keep the zope root user from authorizing
someone's queue or forms?

Is there a better way, or am I missing something?

Anthony Baxter wrote:
> 
> 
> I just put it up on
> http://zope.org:18200/Members/anthony/software/pyr2.tgz
> 
> Note that I haven't touched the code in quite some time, but it should
> be fine for basic client and server functions.
> 
> Anthony