Why Rails won't become OpenACS, or "Rails is cool, but can we have a login system?"
Ok, I didn’t mean to say so much on this topic, but I really can’t help myself with the response I’m getting :)
So I’m saying these big application components don’t work.
But come on! No login system? I mean, everybody needs a login system. Let’s add a login system to Rails. Just an itty-bitty login system. Please?
No! (Disclaimer: I don’t get to decide that.)
Seriously, though, the number one request I’ve heard from folks familiar with OpenACS is a login system. But friends, you don’t want your web framework to have a login system.
Why? Look around on the web. How many login systems do you see that are exactly alike? I’ve hardly seen any.
Login systems turn out to be a really hard piece to generalize. Trust me, I’ve tried. Do you use username or email? Do you let people register or create accounts for them? Do you store passwords encrypted, in which case you can’t email them a forgotten password. Do you offer login with Passport or Typekey? Do you verify passwords against a local database or an LDAP server or something else? Or both? What do you do when those accounts aren’t in our database already? Do you ask people for their name and other stuff, or do you get that from somewhere else? Do we ask for their real name, prefix, suffix, etc.? Do we lock people out after x number of failed attempts? Do we use their mother’s maiden name to recover passwords? Do we verify your email before letting you in? Does your login expire, and when, and can the user choose that? Do we still show non-sensitive information even though your login is expired, like Yahoo and Google do on their portals? Or maybe we don’t use passwords, but just hard-to-guess URLs?
The bottom line is that there are lots and lots of meaningful differences.
So you can either take the complex and hard path of trying to build the login system to end all login systems—in which case you end up with lots of complex code that only a few people fully understand, and that still doesn’t cut it for everybody.
Or you can do the Judo and solve the easy problem.
It’s your choice, but I know where I put my money.