Xataface as foundation for menuing/security/Gateway system?

[JonP]

I need to build a file driven menuing system which needs to implement user sign-in security in three different ways. Via its own MySQL based system, via IBM i's normal user security, or via IBM i validation list security.

System will be implemented in multiple sites - which is partly why I'm considering using a highly flexible system like Xataface as the foundation.

Some of the apps to be linked from the menus (which would vary by user and be multi-tiered) will potentially be written in Xataface, some will be packages, some hand-written, and some built using tools like Zend framework.

Am I starting in the wrong place? In which case other suggestions are welcomed! Or can I readily extend XataFace's security interfaces to be able to use it as the foundation for this.

If the question sounds stupid please excuse me - I'm kinda thinking out loud here.


Jon P.

[shannah]

Hi Jon,

It's difficult to comment with this little bit of information. When you say that it has to implement user sign in in three different ways, is this:
a. A single login box, but the system checks three different places for matching passwords.
b. 3 separate login boxes, and the user chooses the appropriate one.
c. Something else.

Xataface can accommodate multiple login schemes so it would be an appropriate choice to be able to handle this. There are authentication modules for Yale CAS, LDAP, and HTTP authentication already. I have developed Facebook and OpenID modules in the past also, but are unable to release these open source due to client agreements.

Xataface decides which authentication module to use based on the [_auth] section of the conf.ini file. You can dynamically change this at runtime, so accommodating a different authentication method depending on parameters is a simple matter.

You'd just need to create authentication modules for the IBM security.

-Steve

[JonP]

Hi Steve,

Thanks for the reply.

As to what exactly is required - in the long run ot could be all three options with the "something else" perhaps being an IP or URL based criteria that determines if this is an in-house user, a customer, or whatever.

PHP is (relatively) new to the IBM i community and recently uptake has been terrific, but after the initial few in-house applications they all find themselves in need of a menuing/access control system. I'm looking to frameworks such as yours because all of the systems I've looked at are - for want of a better term - "Membership" type access controls and don't seem to give me what I need.

The authenticaltion module approach sounds interesting and it would certainly be useful to build them for the two types of native authentication in use.

Any suggestions as to which would be the easiest of your modules to study to get the basic idea of what would be involved?


Jon P.

[shannah]

You might want to check out some of the existing Authentication modules in SVN
http://weblite.ca/svn/dataface/modules/Auth