On Fri, Sep 10, 2004 at 09:34:54AM +0200, Ivan Popov wrote:
> it has been quite a few times I complained... :)

I know.

> http://www.coda.cs.cmu.edu/maillists/codalist/codalist-2003/5895.html
> http://www.coda.cs.cmu.edu/maillists/codalist/codalist-2004/6191.html
>
> The semantical inconsistency is striking me again (and again :)
> so I am talking to raise the awareness of the problem.
>
> Right now you can work
> [ connected and authenticated ]
> or
> [ disconnected using the cached rights on the cached objects ].
>
> What is missing is
> [ connected and using the cached rights on the cached objects ]

You missed 'connected and not authenticated'. Which makes your missing
state ambiguous.

Technically what happens is that we have a 'system:anyuser' user object
for unauthenticated/anonymous connections. When a user obtains a token
from the auth2 server he is given an authenticated user object for that
realm until the servers reject the credentials (bad credentials, or they
have expired). At that point the authenticated user object is destroyed
and we fall back to the unauthenticated system:anyuser.

As long as we are disconnected the servers can't tell us that the
credentials are invalid. It is kind of like using an expired or stolen
credit card, as long as nobody checks the purchases go through, until we
go to a place that checks the expiry date or a list of stolen cards.

The thing with bad credentials is that it is impossible to set up a
working connection to the servers. So if we leave the authenticated user
object around, that user would in effect stay disconnected from the
servers even though other users can still fetch files and such. I don't
know how such a partly disconnected state would work reliably and it is
possibly even more confusing to the end user.

Jan

Received on 2004-09-13 09:31:32