[Web-SIG] Communicating authenticated user information
Phillip J. Eby
pje at telecommunity.com
Sun Jan 22 17:34:03 CET 2006
At 11:22 AM 1/22/2006 -0500, Jim Fulton wrote:
>Typically, web servers provide access logs that include a label
>for the authenticated user.
>
>Often, WSGI applications (or middleware) provide their own user
>authentication facilities. Well, Zope does. :)
>
>There doesn't seem to be a standard way for WSGI applications or
>middleware to communicate the information necessary for a server
>to log the authenticated user back to the server.
>
>Am I missing something? How do other people handle this?
>
>Is Zope the only WSGI application that performs authentication
>itself?

I think Zope is the only WSGI application that cares about communicating
this information back to the web server's logs. :) Or at least, the only
one whose author has said so. :)

Perhaps an "X-Authenticated-User: foo" header could be added in a future
spec version? (And as an optional feature in the current PEP.) This seems
a simpler way to incorporate the feature than adding an extension API to
environ.
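
One way a server-side component could consume the header proposed above, as an added example that is not part of the original post or of any WSGI server's code; the class name, log format and sanitising rule are assumptions. It removes the header before the response is passed on and neutralises characters that would let an application-supplied user name forge a log field.

```python
import re

AUTH_HEADER = "x-authenticated-user"      # header name proposed in the post
_UNSAFE = re.compile(r'[^\x21-\x7e]|"')   # whitespace, control chars, non-ASCII, quotes


def log_label(value, limit=64):
    """Reduce an application-supplied value to one safe access-log field."""
    return _UNSAFE.sub("_", value)[:limit] or "-"


class AuthUserLogger:
    """Hypothetical server-side wrapper (assumed name and log format)."""

    def __init__(self, app, log):
        self.app = app
        self.log = log                    # any list-like sink for log lines

    def __call__(self, environ, start_response):
        def server_start_response(status, headers, exc_info=None):
            user, kept = "-", []
            for name, value in headers:
                if name.lower() == AUTH_HEADER:
                    user = log_label(value)      # consume: log it, never forward it
                else:
                    kept.append((name, value))
            self.log.append(" ".join([
                environ.get("REMOTE_ADDR", "-"), user,
                environ["REQUEST_METHOD"], log_label(environ.get("PATH_INFO", "")),
                status.split(" ", 1)[0]]))
            return start_response(status, kept, exc_info)
        return self.app(environ, server_start_response)


def demo():
    """Run a constructed app whose user name tries to start a forged log line."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("X-Authenticated-User", "jim\r\n10.0.0.9 admin")])
        return [b"hello"]

    environ = {"REMOTE_ADDR": "192.0.2.10", "REQUEST_METHOD": "GET",
               "PATH_INFO": "/private"}  # constructed request
    log, sent = [], []
    body = AuthUserLogger(app, log)(environ, lambda s, h, e=None: sent.append(h))
    return log, sent[0], body
```

A real server would write the log line once the response has completed; it is recorded at `start_response` time here to keep the example short.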