Thread:Talk:Requests for comment/AuthManager/Feedback/reply

We are very deliberately ignoring authz at this point in order to focus on authn. The end result of an interaction with the AuthManager (which we debated calling AuthenticationManager and still may in implementation) is only an authenticated session with a pointer to the correct local User.

We agree that the authz components of the existing system need to be cleaned up as well, but as was pointed out in previous discussions of the prior iterations of this RfC, changing all the things at once is very ambitious and likely to end up prolonging the implementation or even stalling the project all together.

Once we can get this RfC's implementation underway I'm very interested in continuing by helping draft an authorization proposal that would work along similar lines to handle the authz side of the problem.