Identity management in Pyramid
188 views
Skip to first unread message
Andreas Jung
May 22, 2016, 4:47:08 AM5/22/16
to pylons-...@googlegroups.com
Hi there,
I am currently checking for identity management solutions - either cloud-based or
self-hosted (preferred on Python technology). Any pointers to integrations with
Pyramid that could be re-used without reinventing the wheel?
Requirements are as
- MUST
- extensible metadata for user records
- user registration, password reset,
- user approval workflow (new accounts must be verified (optionally)
- user management interface
- embedding of login form, password reset form and all other forms into the look & feel of our website
- no branding
- notifications (user registered, password reset, user account deactivated etc).
- must support German as language for forms, notification emails etc.
- operate in accordance with EU/DE privacy laws
- any data should be stored within the EU/DE
- service should be located in EU/DE for performance reasons
- OPTIONAL
- user accounts can be assigned to groups („free“ vs. „premium“, „member“ vs. „admin“ etc.)
- social media login
- multi-factor authentication
- configurable password policies
- password expiration
- abuse protection (tracking of login trial, mechanisms for protecting the site from bots or automatic password hacker scripts etc)
Andreas
I am currently checking for identity management solutions - either cloud-based or
self-hosted (preferred on Python technology). Any pointers to integrations with
Pyramid that could be re-used without reinventing the wheel?
Requirements are as
- MUST
- extensible metadata for user records
- user registration, password reset,
- user approval workflow (new accounts must be verified (optionally)
- user management interface
- embedding of login form, password reset form and all other forms into the look & feel of our website
- no branding
- notifications (user registered, password reset, user account deactivated etc).
- must support German as language for forms, notification emails etc.
- operate in accordance with EU/DE privacy laws
- any data should be stored within the EU/DE
- service should be located in EU/DE for performance reasons
- OPTIONAL
- user accounts can be assigned to groups („free“ vs. „premium“, „member“ vs. „admin“ etc.)
- social media login
- multi-factor authentication
- configurable password policies
- password expiration
- abuse protection (tracking of login trial, mechanisms for protecting the site from bots or automatic password hacker scripts etc)
Andreas
Jonathan Vanasco
May 22, 2016, 9:46:34 AM5/22/16
to pylons-discuss, li...@zopyx.com
Velruse lets you authenticate to 3rd parties https://velruse.readthedocs.io/en/latest/usage.html
otherwise, it looks like you're describing the commercial janrain system -- cloud based accounts and you just authenticate into them. I once inherited a contract with them in the past, and found the service very overpriced and the customer service that was less than great.
Steve Piercy
May 22, 2016, 2:58:15 PM5/22/16
to pylons-...@googlegroups.com
For a list of Pyramid integrations for authentication and
authorization, filter by those categories.
https://trypyramid.com/resources-extending-pyramid.html
I think the pickings there are not what you seek. Alternatively
there is authomatic, which might get you closer to your goal.
http://peterhudec.github.io/authomatic/
Lastly, although US-based, Stormpath offers a private AWS
deployment, which could be in Frankfurt, for the Enterprise level.
https://stormpath.com/pricing
HTH.
--steve
On 5/22/16 at 10:47 AM, li...@zopyx.com (Andreas Jung) pronounced:
------------------------
Steve Piercy, Soquel, CA
authorization, filter by those categories.
https://trypyramid.com/resources-extending-pyramid.html
I think the pickings there are not what you seek. Alternatively
there is authomatic, which might get you closer to your goal.
http://peterhudec.github.io/authomatic/
Lastly, although US-based, Stormpath offers a private AWS
deployment, which could be in Frankfurt, for the Enterprise level.
https://stormpath.com/pricing
HTH.
--steve
On 5/22/16 at 10:47 AM, li...@zopyx.com (Andreas Jung) pronounced:
Steve Piercy, Soquel, CA
Thierry Florac
May 23, 2016, 3:26:10 AM5/23/16
to pylons-...@googlegroups.com
Hi Andreas,
I'm actually working on a Pyramid application framework (called "PyAMS") including a pluggable authentication system (including an Authomatic module).
It provides some of the features you need but sadly it's actually far from finished... :-/
Best regards,
Thierry
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To post to this group, send email to pylons-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/r471Ps-1085i-D00E25A79EBF4DACBC48815D39719ADE%40stevepi-mbp.local.
Andreas Jung
May 25, 2016, 12:02:36 PM5/25/16
to pylons-...@googlegroups.com
On 23 May 2016, at 9:26, Thierry Florac wrote:
> Hi Andreas,
>
> I'm actually working on a Pyramid application framework (called "PyAMS")
> including a pluggable authentication system (including an Authomatic
> module).
Andreas
Matthew Blain
May 25, 2016, 9:51:22 PM5/25/16
to pylons-discuss, li...@zopyx.com
I've experimented with Auth0, and stormpath is a similar services. And there are others. Looks like they provide most of what you are looking for.
Thierry Florac
May 26, 2016, 3:09:52 AM5/26/16
to pylons-...@googlegroups.com, Andreas Jung
Hi Andreas,
Actually there is only my own "private" Mercurial repository to manage my code. You can find it here : http://hg.ztfy.org/pyams
Please kind in mind that all this stuff is built for the needs of an internal professional project, and is actually provided "as is"; I share as much as I can. It's far from finished, and not yet documented.
Many aspects of this framework are inspired by some Zope 3 concepts and Zope/Z3c packages, including:
- ZODB usage
- pluggable authentication (actually including "local" users and groups, LDAP directory and social authentication; an SQLAlchemy connector is planned), also managing roles
- extensible users metadata through principal annotations
- and many others...
Hope this can help!
Just ask if you have any question.
All remarks are welcome... ;-)
Best regards,
Thierry
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To post to this group, send email to pylons-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/732F75E0-5DD2-4B33-97FA-4FC5908FC599%40zopyx.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages