[Zope] small RFC : how to enhance zopistas' web experience

Jerome Alet alet@unice.fr
Thu, 25 Jul 2002 13:40:52 +0200


Hi,

Now that there are lots of web sites dedicated to Zope and its
community, for example :

	zope.org
	zopezen.org
	zopenewbies.net
	zopelabs.com
	zopera.org
	zopegurus.de
	etc...

I've noticed that most of them, if not all, invite the user to open
an account before being able to do something useful (post a news 
message, a document of some sort, etc...)

Considering that most Zope users are interested in most of these sites,
except when the language is not english, and that some want to 
really participate, I think this registration process quickly 
becomes very boring, and remembering all the different passwords
is difficult, unless you always use the same which is insecure.

Couldn't it be possible that all these servers share the same
authentication mechanism, i.e. only usernames and passwords, and
do all their local stuff on their own (roles, possible actions,
homepages, etc...), in one word (ok, two) : Centralized Authentication

For example I suppose it would be possible, if every webmaster
agrees, to use the very same LDAP directory, which might be
replicated for redundancy reasons, to check username+pw when
an user tries to authenticate.

This would have the great benefit of checking not if someone
is part of myownlittlezopecommunity.org but the WHOLE Zope
community, this would also better solder this 
sparse community IMHO.

Of course I understand there are strong security drawbacks to this
approach, but anyway this might be very good to make a real
network of web sites strongly related to Zope, and could only
strenghten the Zope community presence on the web.

<mode thispostshouldalsoincludeanMSrant="ON">
I know it's not better than what Mickey$oft plans to do, but
while I trust the Zope Community (and ZC) I really don't trust
the above named monopolist. 
</mode>

Any comment or flame ?

thank you for reading, anyway

Jerome Alet