librelist archives

Authentication and User

William Martin
2011-11-02 @ 14:20

I wrote some notes about authentication and User:

* Create an interface class for the authentication backend, with
- 'loadUser' (used by the middleware class)
- 'authenticate' (used by the static methods of the Auth class).
With this interface the middleware class of Photon can be used by any
authentication code.

* Update the config key 'auth_backend' to be an array of classes that
implement the previous interface. This allows registering multiple
authentication backends, like: LDAP, OpenID, Yubikey, Login/pwd....
If the first fails, we can try to authenticate the user with
another system.

* Create an interface class for the user. Currently the user loading is
hard-coded into the authentication backend, so we need this interface to
easily load the same user from multiple authentication systems (point
2). It can be something like:
- loadUser from a uid (a number / a string)
- setAuthentificationBackend, to make it possible to know which backend
the user is from. For example, an account with admin privileges can be
reduced to a simple user if he doesn't use a Yubikey.

Authentication is used in nearly every project, so I think it's
important to work on it quickly.
PS: With the majordomo pattern I will finish the Yubikey
authentication system, in the case of multiple server validation.

All comments are welcome
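
The design proposed above, as an added example that is not part of the original post and is not Photon's code: an ordered backend chain that records which backend accepted the login, so an admin account that falls back to the password backend is demoted. Only 'loadUser', 'authenticate' and 'setAuthentificationBackend' come from the post; every other name is hypothetical, the accounts are constructed sample data, and the code assumes PHP 8.

```php
<?php
// Added illustration: class and function names are hypothetical, not Photon's API.
interface AuthBackend {
    public function authenticate(array $credentials): ?string; // uid, or null on failure
    public function loadUser(string $uid): ?User;              // called by the middleware
}
final class User {
    public ?string $backend = null;
    public function __construct(public string $uid, public bool $isAdmin) {}
    public function setAuthentificationBackend(string $class): void { $this->backend = $class; }
    // Admin rights apply only when the login went through the Yubikey backend.
    public function hasAdminRights(): bool {
        return $this->isAdmin && $this->backend === YubikeyBackend::class;
    }
}

// Stand-in over a constructed table uid => [secret, isAdmin]; a real backend
// would verify a password hash or validate an OTP instead of comparing strings.
abstract class TableBackend implements AuthBackend {
    public function __construct(private array $accounts) {}
    public function authenticate(array $credentials): ?string {
        $uid = $credentials['uid'] ?? null;
        $secret = $credentials['secret'] ?? null;
        $row = is_string($uid) ? ($this->accounts[$uid] ?? null) : null;
        return ($row !== null && is_string($secret) && hash_equals($row[0], $secret)) ? $uid : null;
    }
    public function loadUser(string $uid): ?User {
        $row = $this->accounts[$uid] ?? null;
        return $row === null ? null : new User($uid, $row[1]);
    }
}
final class YubikeyBackend extends TableBackend {}
final class PasswordBackend extends TableBackend {}

// Try each configured backend in order and record which one accepted the login.
function authenticateChain(array $backends, array $credentials): ?User {
    foreach ($backends as $backend) {
        $uid = $backend->authenticate($credentials);
        $user = $uid === null ? null : $backend->loadUser($uid);
        if ($user !== null) {
            $user->setAuthentificationBackend($backend::class);
            return $user;
        }
    }
    return null;
}
// Constructed sample accounts; the secrets are placeholders.
$backends = [new YubikeyBackend(['alice' => ['otp-sample', true]]),
             new PasswordBackend(['alice' => ['pw-sample', true]])];
$user = authenticateChain($backends, ['uid' => 'alice', 'secret' => 'pw-sample']);
var_dump($user->backend, $user->hasAdminRights());
```

With a fallback chain the login is only as strong as the weakest backend that accepts it, so the recorded backend has to be stored with the session and restored by the middleware on each request rather than recomputed.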