TurboGears provides the identity module for easy authentication/authorization in your web applications.
You can restrict access to a particular method with @require(identity.not_anonymous) or any combination of the identity checks.
Identity also provides a special controller class (SecureResource) that enables you to protect that class and all its methods with a single require=identity.not_anonymous.
You don't have to rely on your controller to provide all the variables in your Kid templatesyou can import anything you need using the <?python ?> syntax Kid provides.
If you want to use validators without widgets, you can use the @validate decorator and set up a dictionary of validators to match the names of the fields that are coming in from the form.