Version 5 (modified by RyanArchdeacon, 2 years ago)
Developer: What are you doing? You're supposed to be providing a useful hook for package designers!
auth.User: It's hard. I'll do it in the next release.
Developer: Come on man, it's your job!
auth.User: Ehh, not really feelin' it. Hey, could you provide a username and password? You're totally blocking my .save() method.
Developer: Uncle Adrian, this model has a bad motivator!
This document seeks to identify resolutions and design propositions that will correct quite the foul attitude we've all experienced when trying to deal with django.contrib.auth.User. Unfortunately, auth.User thinks it can just make all sorts of decisions for you and expects you to be happy with your hackish attempt to integrate it into your codebase. I bet you were stoked when you first learned that you had to have an "is_staff" field on your entire project's User model. You thought, "Well, thanks, auth.User, but I don't really think this field is necessary for my totally awesome, real-time, Redis 'roided, GeoDjango packed, Pink Pony web app." See, little did you know that was auth.User just giving you the middle finger. But do not fear! We're looking out for you. Ya see, there's a better way...
Philosophy and Some Good Motivation
We think auth.User should have a much different perspective when it comes to your Django app. First and foremost, it is worthwhile to view your application from the perspective of an auth.User since, after all, it's all about your users, right?
Points to make here:
- A user has an identity, personality
- Identity is not personality
- Personality is an emergent property of experience
- Identity is immutable, personality is fluid
- Authentication is the process of verifying identity
- Credentials are a means by which identity is verified
- Credentials are tools utilized in the process of authentication
- Credentials vary
- Trust is an asymmetrical relationship between interacting entities
- Trust is fluid
- Authorization is the process of granting permission
- Authorization is affected by trust
The User's Interface
Points to make here:
- The content of your interaction with other agents/entities affects your interface, shapes your personality
- Since your interface is influenced by your personality, your interface is also fluid, changing
- When you want to know something about someone else you have a relationship with, you ask them!