
vault_ | 10 years ago

A few questions/observations from reading over the docs and source code. There's not necessarily any significance to the order, or weight to the observations.

With the recent NPM stuff fresh in my mind, it seems like you've got a lot of data serialization libraries as dependencies (YAML, msgpack, rapidjson, marshmallow). Are all of those really needed? Why depend on rapidjson at all when Python has builtin json support? It'd be nice if the default config used only builtin libraries here and allowed users to use something fancier or faster if they wanted to.

It's not spelled out particularly well how subjects actually acquire roles and permissions, or how given a subject I'd go about giving them new permissions.

More integration how-tos in general would help a lot with getting started, e.g. here's how to make this work in a single sign-on environment. Or here's how to use LDAP for authentication. Or (how I would want to use this) here's how to use SSO for authentication, group memberships from LDAP, and permissions those groups have from a database.

Is there any way to deny privileges based on permission/role? e.g. If I have a forum that doesn't allow new users to post until they've been vetted, I'd like to be able to say posting requires the 'user' role, but forbids the 'new user' role. Is there some other way to quarantine users?

You say "Because most account stores usually contain Subject information such as usernames and passwords, a Realm can act as a pluggable authentication module in a PAM configuration". Do you just mean that a realm is similar to a PAM module? Because it sounds like you're saying you can actually stick a Yosai Realm in a PAM config. I can see the similarities between a hypothetical LDAPRealm and pam_ldap.so in terms of authentication, but do realms have analogies in other behaviors of PAM modules?

You describe Yosai as being batteries included, but don't seem to be including many useful batteries (LDAP, OAuth, SAML). I know this is an early release, but do you see these being added to the base library?

Yosai_AlchemyStore gives me yet another user model (that claims the user table no less!). Can't I provide it with my own?

This is promising though! Most similar libraries tend to be tied to one specific framework or another, so it would be very nice to have something standalone.

(edited for grammar/coherency/tone)
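The comment above asks whether a privilege can require one role while forbidding another (post only as 'user', never as 'new user'). The following is an added illustration in plain Python of how such an allow/deny role policy can be modelled, with deny taking precedence; it is hypothetical example code, not Yosai's own API, and the `Subject`, `RolePolicy`, `can_post` and `vet` names are assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical types for illustration only; Yosai's real objects differ.

@dataclass(frozen=True)
class Subject:
    """An authenticated principal carrying a set of role names."""
    name: str
    roles: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class RolePolicy:
    """Allow only if every required role is held and no forbidden role is.

    Deny wins over allow: a subject holding both 'user' and 'new_user'
    stays blocked until the quarantine role is removed.
    """
    required: frozenset
    forbidden: frozenset = frozenset()

    def permits(self, subject: Subject) -> bool:
        has_required = self.required <= subject.roles
        has_forbidden = bool(self.forbidden & subject.roles)
        return has_required and not has_forbidden

    def explain(self, subject: Subject) -> list:
        """Return the reasons a subject is denied (empty list if permitted).

        Useful for audit logging: record *why* an action was refused.
        """
        reasons = []
        for role in sorted(self.required - subject.roles):
            reasons.append(f"missing required role: {role}")
        for role in sorted(self.forbidden & subject.roles):
            reasons.append(f"forbidden role present: {role}")
        return reasons

# Posting requires 'user' and is denied to anyone still marked 'new_user'.
POST_POLICY = RolePolicy(required=frozenset({"user"}),
                         forbidden=frozenset({"new_user"}))

def can_post(subject: Subject) -> bool:
    return POST_POLICY.permits(subject)

def vet(subject: Subject) -> Subject:
    """Lift the quarantine by removing the 'new_user' role (returns a new Subject)."""
    return Subject(subject.name, subject.roles - {"new_user"})

if __name__ == "__main__":
    # Constructed sample subjects.
    alice = Subject("alice", frozenset({"user"}))
    bob = Subject("bob", frozenset({"user", "new_user"}))
    for s in (alice, bob, vet(bob)):
        print(s.name, "can post:", can_post(s), POST_POLICY.explain(s))
```

Because the forbidden set is checked after the required set and any overlap denies, granting 'user' to a quarantined account never accidentally unlocks posting; the account must be explicitly vetted.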

Dowwie | 10 years ago

Thanks for your constructive feedback!

You raise a good point about serialization and I generally agree with you about "dependency risk". I will mull this over but welcome you to join me.

I am using a mobile app to respond and can't get back to your other remarks, so consider this response part 1.