Tags:
create new tag
, view all tags

Refactoring Proposal: Registration should not be in the TWiki Web.

Motivation

Man reasons but principally:

Description

The refactoring is strainght forward.

The Registration form & supporting code references are moved from the TWiki web to the Main web.

-- AntonAylward - 13 Nov 2005

Impact and Available Solutions

WhatDoesItAffect: Auth, Refactoring, Documentation
AffectedExtensions:  
HaveQuickFixFor:  

Note: Patch is attached as http://twiki.org/p/pub/Codev/RegistrationShouldNotBeInTheTWikiWeb/twiki-foo-bar-patch.diff. The patch is against the TWikiAlphaRelease of 15 Feb 2004.

Documentation

Some small chage to the documetnation is required.

Examples

No APIs are affected by this change.

Implementation

Trivial. No actual change to code is required.


Discussion

This is really a rationaliztion. The TWiki web is about documentation and configuration. All the user topics, groups, supporting tables are in the Main web. That is where registration ends up. It is also where registration should start.

--

I'd like to add to the mix the idea that users can be defined in more than one web - basically, i'd like to have a Users web for the admins, a Shop/Users web for users of the Shop, and Bugs/Users for users able to report bugs, and natrully, to be able to combine the users from multiple webs to give them all access to the Sandbox web smile

makes me wonder if active topics like this shouldn't be in something akin to the templates web, as they are very similar to the Attach screen, the 'more actions' page etc...

-- SvenDowideit - 13 Nov 2005

What you are describing, Sven, is perilously close to RBAC - role based access control.

I much prefer RBAC for a number of reasons. Principally its a lot easier to administer than access control lists. With a large user base ACLs can get very long and difficult to administer (as well as verify, debug and audit). RBACs are much simpler: "This is what this role can do" A user can have more than one (zero?) role if necessary. RBACs are much easier to administer and are O(#of Roles) rather than O(# of users) from a performance POV.

While ACLs are straight forward to program - that's why historically they are so common - RBACs are more business orientated and in fact no harder to program. It is not a new technique, it was documented first back in the mid 1970s. I've used it myself in a number of database applciations. See http://csrc.nist.gov/rbac/ for details as well as an implementation example.

However this is quite separate from the issue of this topic, that .... Registration should not be in the TWiki Web.

-- AntonAylward - 13 Nov 2005

I concur: Registration should not be in the TWiki web.

I am about to disable registration on a site I am administering - and because the text I need to change is in the TWiki web I'm changing stuff that should be immutable.

-- MartinCleaver - 14 Nov 2005

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2005-11-14 - MartinCleaver
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.