[Web-SIG] Communicating authenticated user information
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Jan 24 13:31:35 CET 2006
On Monday 23 January 2006 22:15, Clark C. Evans wrote:
> On Mon, Jan 23, 2006 at 04:15:06PM -0500, Phillip J. Eby wrote:
> | At 03:36 PM 1/23/2006 -0500, Stephan Richter wrote:
> | > Specify a new environment variable called 'wsgi.user' (or something
> | > similar) that is a mutable and can be written several times. Only
> | > the last write (before the output is sent) is important. By default
> | > the variable is set to ``None`` for not set.
>
> Why not ``wsgi.context`` or something like that which defaults to
> an empty dictionary. Then you can put what ever you want in it;
> ``wsgi.user`` just seems to be a bit too specific.
But if you use a dictionary you need to specify all allowed keys. The server
needs to know from the standard (WSGI) what it is looking for. The twisted
guys and us have thought about other possible data for logging and we could
not come up with any. If you have real use cases for other data, please let
me know.
> | I'd suggest a callable under 'wsgi.log_username', that takes one
> | argument.
>
> I think this is way too specific; it doesn't address the general
> problem: how do you pass information back up the middleware stack.
You cannot address this issue generally. The point of WSGI is that it is a
well-defined API that specifies exactly what to expect. Let's take your
suggestion. Let's say there is a dictionary that can contain anything. Zope 3
(acting as the application) decides to put a key named "user" into the
dictionary. But Twisted (acting as the server) looks for "remote-user". Since
the key is not specified in the specification, we have gained absolutely
nothing.
> | It should be specified whether it requires ASCII or Unicode.
>
> Why cannot it just accept a Python string? You can always check
> if it is Unicode or not.
Because encoding might be arbitrary. It has to be clearly specified in the
specs what to expect.
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Web-SIG
mailing list