[reSIProcate] realms in repro proxy
Rohan Mahy
rohan at ekabal.com
Sun May 15 12:53:03 CDT 2005
Hi,
Currently the repro web admin effectively ignores realms by setting the
realm to the domain name when you add a user. I understand that you
might have a user who has one set of Digest credentials (username,
password, realm) but has multiple AORs (possibly in different domains).
This would indicate a 1:n relationship between digest credentials and
an AOR. However, for some AORs (like sales at example.com) it could be
authenticate with one of several digest credentials. This indicates an
n:n relationship.
I would like to punt on this for release 0.1, but I also want to
explore what would be necessary to make this work. Expressing this
kind of relationship with a database means that you need to have a
table of credentials, a table of accounts, and a table that expresses
the valid authorization relationships between the two. Getting the
admin UI to do this correctly without making it harder to use in the
"ordinary" case could be tricky.
thoughts welcome.
thanks,
-rohan
More information about the resiprocate-devel
mailing list