TechRef documentation has been pushed to the working branch.
Some questions to consider:
- Is mod_perl the right tool? I chose it to avoid introducing new dependencies.
- Would it make more sense for each authentication type to use a different mod_perl handler, rather than having all auth endpoints use OpenILS::WWW::RemoteAuth as the handler? Using the same handler simplifies some configuration and hopefully allows Apache processes to be reused by different endpoints, but maybe distinct handlers are preferable.
- Will the current design handle a high volume of patron auth requests?
- Are there any reasonable use cases that can't be accommodated by the current design? So far you can restrict authentication by home library, usergroup (by requiring a perm that is only granted to certain usergroups), blocks/standing penalties, and active/expired status.
- To make live tests work, a default EG install will have a Basic HTTP Authentication endpoint at /api/remoteauth, restricted to local access only. Is that OK (and if not, how do we do live tests)? Do we want to use a different URL path?
- Is there a better way to manage the disparate authentication requirements of library vendors?