[TYPO3-dev] Services architecture

[Dmitry Dulepov]

Hi!

Helmut Hummel wrote:
> If anyone is willing to implement a "rsatransfer" service, which does
> not do authentication, but only provides decrypted crendentials to the
> service chain, then go on and do it.

I still do not understand why it is necessary. This is not how services work.

Service purpose is to authenticate. This is what rsaauth does: exactly the 
purpose of the service. If iy only decrypts, it cannot be called 
authentication service any more. It would also create another hidden 
knowledge in the system, which we should avoid.

And finally, this is an attempt to "fix" something that works well.

-- 
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/