[TYPO3-dev] Services architecture

[Marcus Krause]

Hi!

Dmitry Dulepov schrieb am 03/28/2011 09:25 AM Uhr:
> Hi!
> 
> Helmut Hummel wrote:
>> If anyone is willing to implement a "rsatransfer" service, which does
>> not do authentication, but only provides decrypted crendentials to the
>> service chain, then go on and do it.
> 
> I still do not understand why it is necessary. This is not how services
> work.
> 
> Service purpose is to authenticate. This is what rsaauth does: exactly
> the purpose of the service. If iy only decrypts, it cannot be called
> authentication service any more. It would also create another hidden
> knowledge in the system, which we should avoid.
> 
> And finally, this is an attempt to "fix" something that works well.

Well, the new service should be called rsatransfer and the only purpose
would be to provide RSA encrypted transfer of data.

It should not only work for credentials inserted into login form but
should also take care of arbitrary data in general.

Possible use cases:
* credential transfer from a login form (BE/FE)
* transfer of password to set in user setup BE module
* transfer of other confidential data between client & server
* ...

The challenges are:
* structure of a "transfer only" service
* how to describe a relationship between authentication and the transfer
service
* ...


Marcus.