Hi,
I've split the issue of authentication and authorization
in two mails, since they are quite different.
I have been thinking about this for some time and have read
the design doc, although outdated yet again. One thing
that is in there and still makes sense in leaving the
authentication to the network layer.
ra_local:
Here we can depend on what the system tells us. The user
is _always_ authenticated (or there must be some weird
admin that decided to let 20 people share 1 account, but
that is not our problem).
[auth methods]
- user has an account on the machine and is therefor
authenticated.
ra_dav:
We can fully depend on apache to do the authentication for
us. There is a variety of choices. It would be nice to
use a client certificate at the svn client side for
authentication when running mod_ssl, but that would be the
only thing missing so it seems in svn.
[auth methods]
- anonymous (http and https)
- user/passwd (http and https)
- client cert (https)
So, we can pretty much tell who someone is. There doesn't
seem to be much to do left in this area of subversion, which
is good news IMHO,
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:39 2006