The purpose of the AuthZEO extension is to provide authentication based on user and password strings provided at storage instantiation time by the ZEO client. The ZEO server should allow or deny access comparing these strings to a trusted local database at connection time. All subsequent transactions are considered to be trusted.
This mechanism might be extendable to provide generic permissions to objects. This is not currently in this proposal, but contributions are welcome. We don't touch on the issue of read-only versus read-write access, but we believe it would be a simple extension.
Jeremy has suggested further: There should be enough mechanism in place to have pluggable authentication. We should figure out whether we need to bump the protocol version to handle authentication; I think we do.
- Initial discussion: http://lists.zope.org/pipermail/zodb-dev/2002-November/003565.html - Proposal and RFC: http://lists.zope.org/pipermail/zodb-dev/2003-January/004221.html