[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: authentication re-vamp

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2001-09-14 00:16:26 CEST

Ben Collins-Sussman <sussman@collab.net> writes:

> E. Push vs. Pull models. [HARD]
> The current system pre-emptively requests info, then "pushes" it
> at the RA layer. This is odd, given that Apache typically makes
> a challenge and then "pulls" the info. As a result, the info is
> effectively being cached in the session_baton until Apache pulls
> it from there.
> So, it would be nice to switch the whole client/user-interface to
> work with the "pull" model too. One of the main benefits of this
> is that failed authenication can be detected *immediately*;
> right now failed authentication is simply ignored during
> checkout, and isn't discovered until a commit fails later on.

I'm really confused regarding this last paragraph, Greg.

Right now, if our authentication info *fails*, why does the checkout
just happen anyway? I mean, if we want to allow anonymous checkout,
why not require that folks login as "anonymous", like CVS does?

As it stands, somebody mistypes their password, and they have no idea
until they try to commit later. It's like they get a read-only
working copy without realizing it.

> F. Method negotiation? [HARD]
> Can the RA library (running client-side) 'discover' what methods
> are supported by the server?
> Ideally, this list of methods returned to the client should be
> dynamically discovered, rather than being a static list, as it is now.

This is the Big Issue. Please tell me if this is possible.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:41 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.