[pmwiki-users] WikiBox: assuming identity/authorization for a remote user

Peter & Melodye Bowers pbowers at pobox.com
Tue May 27 17:06:46 CDT 2008


I need some input from the group while I am in the process of developing
WikiBox.  

Briefly, an idea of what the WikiBox recipe will do: 
The idea of this recipe is to allow people to access a pmwiki site by email
(either updating pages or retrieving pages or some other administrative
tasks).  They send emails in which the subject is a "command" ("append onto
[[Test.Foo]]" or "get [[Test.Foo]] source" or etc) and the body of the email
provides the text to update as well as various forms of validation.  

Now, my problem.  The user making the change or reading the page is remote -
they are not logged in.  Thus there is no $AuthList, $AuthId, etc. to use as
security to check whether he should be allowed to read that page or update
that page.  (Those identity/authorization values will by default be
whoever's process I am "piggy-backing" on via register_shutdown_function()
or an administrator doing moderating via a forms interface.)  I *could* just
bypass PmWiki security and completely replace it with a separate layer, but
I would really much prefer to build another layer of security ON TOP of
existing PmWiki security rather than replacing it.

My thought was to save off the values of $Author, $AuthList, $AuthId, and
$AuthPw (others?) at the moment when a user subscribes to WikiBox.  These
values would be stored in SiteAdmin.WikiBoxEmailAuth (in a somewhat
obfuscated manner although it's a given that if WikiBox can un-obfuscate
them and we're dealing with open source then an unkind administrator could
also see actual passwords).  These values would then be read for the given
email and that would then be their authorization level for all email
actions.

I *believe* I can get it to work, but I'm not sure it's a good idea.  I
would appreciate some feedback before I spend too much time (although the
last 4 hours analyzing PmWikiAuth(), SessionAuth(), and IsAuthorized() is
enough to already give me some grey hairs... :-) ).

(1) Does the idea of storing decrypt-able passwords on a page just sound
horrendous, even if it's in the SiteAdmin group?
(2) If that sounds mildly excusable, are there other variables you can think
of that I would need to save off and replace while processing for a given
remote user to completely assume that user's identity & authorization
levels?  I'm wondering about $_SESSION[] values in particular and (this may
be the impossible one) the static $acache in PmWikiAuth().  Are there any
other pitfalls I need to be aware of?
(3) Would I be better establishing a single "default user" for WikiBox and
having that user set up in config.php so it's not available to others?
Question #2 still stands (how do I assume the identity & authorizations of
that default user), but it would bypass the concerns of #1.  Unfortunately
it would be at the expense of no longer having equivalent authorizations as
a remote user as with a local user...

In any event I am implementing an additional layer of security which will
allow administrators to limit which pages/groups can be read/edited by
WikiBox, so this capability will be there.  I've just really been pushing
hard to get the full "assumed identity" capability and before I actually
begin coding it I wanted to get some thoughts from this group...

-Peter
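
The additional layer described in the last paragraph of the message (administrators limiting which pages/groups WikiBox may read or edit), sketched as an added example that is not part of the original post and is not WikiBox or PmWiki code. The function names, the policy array and the sample subjects are assumptions made for illustration; only the two command forms quoted in the message are handled.

```php
<?php
// Added illustration: not WikiBox or PmWiki code. All names here are hypothetical.

// Constructed admin policy: action => list of Group.Page glob patterns.
$policy = [
    'read' => ['Test.*', 'Main.HomePage'],
    'edit' => ['Test.*'],
];

// Parse a subject such as "append onto [[Test.Foo]]" or "get [[Test.Foo]] source".
// Returns [action, pagename], or null when the subject is not a recognised command.
function wikibox_parse_subject(string $subject): ?array {
    $verbs = ['get' => 'read', 'append' => 'edit'];
    if (!preg_match('/^\s*(\w+)\b[^\[\]]*\[\[([^\[\]]+)\]\]/', $subject, $m)) {
        return null;
    }
    $verb = strtolower($m[1]);
    if (!isset($verbs[$verb])) {
        return null;
    }
    // Accept only a plain Group.Page name so odd characters never reach the policy check.
    if (!preg_match('/^[A-Za-z0-9]+\.[A-Za-z0-9]+$/', $m[2])) {
        return null;
    }
    return [$verbs[$verb], $m[2]];
}

// Deny by default: allowed only when a pattern listed for that action matches the page name.
function wikibox_allowed(array $policy, string $action, string $pagename): bool {
    foreach ($policy[$action] ?? [] as $pattern) {
        if (fnmatch($pattern, $pagename)) {
            return true;
        }
    }
    return false;
}

// Constructed sample subjects, including one aimed at the page holding stored credentials.
$subjects = [
    'append onto [[Test.Foo]]',
    'get [[Test.Foo]] source',
    'append onto [[Main.HomePage]]',
    'get [[SiteAdmin.WikiBoxEmailAuth]] source',
    'delete [[Test.Foo]]',
];
foreach ($subjects as $s) {
    $cmd = wikibox_parse_subject($s);
    $ok  = $cmd !== null && wikibox_allowed($policy, $cmd[0], $cmd[1]);
    printf("%-45s => %s\n", $s, $ok ? "allow ({$cmd[0]})" : 'deny');
}
```

A check like this would run before any PmWiki authorization is consulted, so it can only narrow what an email command may touch, never widen it.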



