[ANN] Monticello (and OmniBrowser) support site

Avi Bryant avi at beta4.com
Wed Apr 28 01:13:26 UTC 2004


On Apr 27, 2004, at 5:57 PM, Andreas Raab wrote:

> Hm... have you thought about tapping into SqP for authorization?! I 
> have no
> idea how much would be required on either end, e.g., how hard it would 
> be to
> extend SmallWiki to support authorization from SqP and how hard it 
> would be
> for SqP to provide appropriate authorization services but I had thought
> about setting up a site lately and I most definitely will not open it 
> it for
> anonymous access. Some trust based scheme such as SqP seems *just* 
> right for
> such a support site but at this point I don't see how one could set it 
> up.
> Any ideas?

Assuming that the user trusts the support site, it's not a problem.  
http://people.squeakfoundation.org/xmlrpc.html shows two relevant 
XML-RPC calls:

string cookie = authenticate(string user, string pass)
string level = cert.get(string user)

So, given a user and pass, you can ask SqP a) whether they are valid, 
and b) what level the user is.  The problem is that the user has to 
give their SqP password to the support site for this to work, which is 
fine on a small scale (I trust Colin not to record it and try to 
impersonate me) but I don't want people to get too comfortable with 
doing that in general.

Avi




More information about the Squeak-dev mailing list