[[Image(user-discussion.png, 400px)]] ''Developer: What are you doing? You're supposed to be providing a useful hook for package designers{{{!}}}''[[BR]] ''auth.User: It's hard. I'll do it in the next release.''[[BR]] ''Developer: Come on man, it's your job{{{!}}}''[[BR]] ''auth.User: Ehh, not really feelin' it. Hey, could you provide a username and password? You're totally blocking my .save() method.''[[BR]] ''Developer: Uncle Adrian, this model has a bad motivator{{{!}}}''[[BR]] == Introduction == This document seeks to identify resolutions and design propositions that will correct quite the foul attitude we've all experienced when trying to deal with `django.contrib.auth.User`. Unfortunately `auth.User` thinks it can just make all sorts of decisions for you and expects you to be happy with your hackish attempt to integrate it into your codebase. I bet you were stoked when you first learned that you had to have an "is_staff" field on your entire project's User model. You thought, "Well, thanks `auth.User`, but I don't really think this field is necessary for my totally awesome, real-time, Redis 'roided, GeoDjango packed, Pink Pony web app." See, little did you know that was `auth.User` just giving you the middle finger. But do not fear! We're looking out for you. Ya see, there's a better way.... == Philosophy and Some Good Motivation == We think `auth.User` should have a much different perspective when it comes to your Django app. First and foremost, it is worthwhile to view your application from the perspective of an `auth.User` since after all, its all about your users, right? Points to make here: * A user has an identity, personality * Identity is not personality * Personality is an emergent property of experience * Identity is immutable, personality is fluid * Authentication is the process of verifying identity * Credentials are a means by which identity is verified * Credentials are tools utilized in the process of authentication * Credentials vary * Trust is an asymmetrical relationship between interacting entities * Trust is fluid * Authorization is the process of granting permission * Authorization is affected by trust == The User's Interface == Points to make here: * The content of your interaction with other agents/entities affects your interface, shapes your personality * Since your interface is influenced by your personality, your interface is also fluid, changing * When you want to know something about someone else you have a relationship with ''you ask them''!