<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2873" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=771173020-07062006>response interspersed below.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=771173020-07062006></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=771173020-07062006>~ Deb</SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> masterview-devel-bounces@rubyforge.org
[mailto:masterview-devel-bounces@rubyforge.org] <B>On Behalf Of </B>Jeff
Barczewski<BR><B>Sent:</B> Wednesday, June 07, 2006 12:28 PM<BR><B>To:</B>
masterview-devel@rubyforge.org<BR><B>Subject:</B> Re: [Masterview-devel] A few
observations from MV usage<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>1) agreed, generated comment is only for erb files as it currently is. (Are
we ok not putting anything in other files??, should we think about doing that?
For now let's keep it simple, but someday we may want to have different comment
types for different types of files, so users know this is
generated. <BR><SPAN class=771173020-07062006><FONT face=Arial
color=#0000ff size=2> </FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2>I
thought about allowing diff comments for diff types but files, but then decided
that's ridiculous overkill. We can invent that in the future if
needed.</FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006> </SPAN><BR><SPAN
class=771173020-07062006><FONT face=Arial color=#0000ff
size=2> ...</FONT></SPAN></DIV><FONT face=Arial color=#0000ff
size=2></FONT>
<DIV><BR>4) I thought about doing a variety of schemes for user authentication,
even something as simple as having a set user password and only doing it in
development, etc. However I went with the simplest approach at first figuring
there are many ways to skin this. <BR><BR>I had used the engines version of RBAC
for a project and that worked out pretty nice because it was pretty unintrusive.
Bolt on authentication is nice. However I didn't want to put any big
dependencies on things since the current plugin mechanism doesn't have a nice
way to do dependencies (that I am aware of) so users have to manually install
prerequisites or one has to bundle them in (which is generally not the best
way). I think eventually plugins will move toward something more like gems, but
the gems system needs to be made easier to use without root access (for shared
servers). <BR><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2> </FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2>I
don't have an answer for this yet, just want us to be thinking about it.
And no, we certainly shouldn't have any big dependencies in the core MV
plugin. </FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2>Maybe
someday there's MV add-ons if it made sense to standardize hookup with
something widely used, but it doesn't seem that area of the rails world has
settled into anything standard yet. </FONT></SPAN><SPAN
class=771173020-07062006><FONT face=Arial color=#0000ff size=2>There are several
diff auth schemes out there, including really simple roll-your-own, and no
precedent in place for standardized protocol that we could leverage to
auto-detect whether/how to filter access.</FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2>FWIW
I'll likely to end up doing something with Bruce Perens' ModelSecurity for my
own app infrastructure, after incomplete initial research into available
options. Or possibly ActiveRBAC - not sure. I want to be able to
start with something relatively simple, but with notions of roles and
permissions in the foundation so I can scale in the future to more sophisticated
schemes as needed.</FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2><A
href="http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html">http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff size=2>~
Deb</FONT></SPAN></DIV>
<DIV><SPAN class=771173020-07062006> </SPAN></DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=771173020-07062006><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV></BODY></HTML>