On Wed, Dec 16, 2009 at 08:13:39AM -0800, flzz wrote: > Greetings all, my company is currently in the process of migrating to > python + pylons as our development platform of choice. We currently > have a good bit of traffic to support and to help ease maintenance and > operation overheads we will be creating multiple pylons applications > to service certain aspects of our application on the whole. To the > question. Is it possible to have a single Authentication and > Authorization model (repoze.who repoze.what) that is shared among > multiple pylons applications? We currently utilize the debian > packaging system (Ubuntu) to handle software deployment, so the > approach I can see us taking is to abstract out the A&A portion of the > system into its own package (deb/egg). Then from that point we will > create our own pylons template that includes the use of this system. > Am I off base with this approach at all? it seems uniformity of WSGI > and the modular nature of pylons should make this doable.
What I've done is integrate CAS into my pylons app as a replacement for any kind of local authentication. CAS handles user sign in, and supposing that you accomodate it well into your applications, will automatically grant authenticated access to users across applications. This gives nice single sign on for many apps, including diverse application servers and stacks. This leaves authorization and session setup issues to the application. Having shared sessions sounds elegant, but difficult. Check out the message I just posted in "CAS Authentication" for the details on how I integrated. -- Ross Vandegrift [email protected] "If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher." --Woody Guthrie
signature.asc
Description: Digital signature
