I''ve been lurking on the list for a few weeks now, as well as working
through the Agile book and the Wiki, and I''ve run across several
detailed discussions about authentication/authorization (A/A: includes
login, permissions, ACLs, etc., etc.). I''ve been particularly struck
by
the apparent consensus that it''s impossible to design a general-purpose
A/A plug-in for Rails or web apps more generally. That''s bad news, as I
would love to benefit from the work of somebody smarter and
better-educated about A/A and Rails than I am :-)
I have to work up an A/A strategy for a new web app project, and I''m
wondering if people have any suggestions for higher-level tutorial
resources on A/A? What I have in mind is not one more plug-in or a
ruby/rails code tutorial, but a more conceptual discussion of how to
think about A/A needs and tradeoffs when designing a site, design
patterns that work for particular domains of A/A problems, and what to
think about when designing a web-app permissions system for scalability,
extensibility, performance, etc.
Anyone got favorite books, articles, other resources that they can
recommend?
tia, --CJ
