< Previous by Date Date Index Next by Date >
  Thread Index  

[reSIProcate] realms in repro proxy


Hi,

Currently the repro web admin effectively ignores realms by setting the realm to the domain name when you add a user. I understand that you might have a user who has one set of Digest credentials (username, password, realm) but has multiple AORs (possibly in different domains). This would indicate a 1:n relationship between digest credentials and an AOR. However, for some AORs (like sales@xxxxxxxxxxx) it could be authenticate with one of several digest credentials. This indicates an n:n relationship.

I would like to punt on this for release 0.1, but I also want to explore what would be necessary to make this work. Expressing this kind of relationship with a database means that you need to have a table of credentials, a table of accounts, and a table that expresses the valid authorization relationships between the two. Getting the admin UI to do this correctly without making it harder to use in the "ordinary" case could be tricky.

thoughts welcome.

thanks,
-rohan