Explore authentication and group viewing permissions

[GoogleCodeExporter]

Link discussion threads to groups in MarineMap. During the architecture phase 
we can think about how to do this, but here's an initial idea:

Move discussion listing service out of chat.marinemap.org app
Proxy all requests to CRUD discussion threads(not entries) through marinemap
MarineMap then is responsible for creating the thread, saving a link to it in 
the database, and holding permissions
The UI requests a list of discussion topics from marinemap, the only thing that 
knows the thread urls
The urls of threads are based on their appengine datastore key, which is 
essencially unguessable.

This security scheme is somewhat weak compared to cookies. Cookie session keys 
are still in theory guessable, and can definitely be intercepted over the wire. 
Their advantage is that session cookies time out eventually. We could maybe do 
the same but it would be tricky.

Anyhow, I don't expect to get a fully baked implementation in the first pilot. 
We just need to try things out.

Original issue reported on code.google.com by underbluewaters on 10 Dec 2010 at 5:16

• Blocked on: #469

[GoogleCodeExporter]

This ticket should be treated as a goal rather than requirement for this pilot 
sprint.

Original comment by underbluewaters on 10 Dec 2010 at 5:17

[GoogleCodeExporter]

Not going to have enough money in the pilot budget to do this. Just explore and 
document potential architecture.

Original comment by underbluewaters on 10 Dec 2010 at 5:34

• Changed title: Explore authentication and group viewing permissions
• Added labels: EstimatedTime-24
• Removed labels: EstimatedTime-40

[GoogleCodeExporter]

Original comment by perrygeo...@gmail.com on 20 Sep 2011 at 8:27

• Changed state: WontFix