[Web-SIG] Communicating authenticated user information
Phillip J. Eby
pje at telecommunity.com
Tue Jan 24 17:41:04 CET 2006
At 10:30 PM 1/23/2006 -0500, Clark C. Evans wrote:
>Suggested Wording:
>
> A WSGI Middleware component (that is, one that receives a
> request and forwards it on to another component) must forward
> on the *exact* same ``environ`` dict that it received.
-1. This invalidates current WSGI design principles and can't go in any
WSGI 1.x version, and even for a WSGI 2.x it would need a heck of a lot
more justification.
Note that WSGI is an HTTP analogue, it is not a web server API. In the
context of this discussion, I'm now more convinced than ever that the right
place to communicate information back to the server is via response
headers, and that's how this use case should be addressed in WSGI 1.1, as
it maintains the functional composition of middleware better than an
environ-supplied extension. In WSGI the design principle needs to be
"Isolation beats cleanliness".
More information about the Web-SIG
mailing list