This page hosts the detailed specification for the ​Blueprint for the Authentication & Access.

S3 currently just uses the default T2 AAA system:

• ​http://trac.sahana3.org/wiki/DeveloperGuidelinesAuthenticationAccess

However this won't be appropriate for all deployment scenarios. The specification we should be working to implement is in the Wiki:

• ​http://wiki.sahana.lk/doku.php?id=dev:security

(NB Sahana is about to change AAA method to it's 3rd & the Vol module currently uses a separate method)

We also want to look at linking the AAA t2_person table with the Person Registry's person table

S2 supports OpenID (as does Launchpad ;) ), so that would be good to support & looks easy:

• ​http://openidenabled.com/python-openid/

Look at T3 for AAA:

• protect function components with: if not is_admin: t2.redirect('index',flash=T('Not Authorised'))
• appadmin protected in the same way :)

---

BluePrints