[Web-SIG] Possible specs

[Ben Bangert]

On Nov 10, 2006, at 10:40 AM, Ian Bicking wrote:

>      * Ben Bangert suggested a simple session standard, focused solely
> on the session ID (persistence handled elsewhere). This is fairly  
> modest
> but still useful.

I'll have to find that and take a look as I no longer recall what I  
was talking about. :)

>      * Debugging mode is something that can be used in all sorts of
> places; to increase verbosity, annotate output pages, displaying  
> errors
> in the browser, etc. Having a single key for turning on debugging mode
> would allow its consumption in lots of places. Not as strict as
> authenticating.

I'd really like this. In addition to having a key that indicates the  
app is in debug mode, there should probably be one to indicate its in  
an automated testing mode as well for unit/function tests. The  
testing one should also provide a key where object ref's can be put  
for a WSGI unit testing harnass, like  how paste.fixture's TestApp runs.

>      * Request object wrapping the environment.

I'd imagine this would be a base interface?

>      * Configuration takes fairly common forms, usually a dict of some
> sort. It could be put somewhere standard.

Yep, should be a pretty minimal spec as well.

>      * More user information than just REMOTE_USER; like  
> wsgiorg.user_info?

I think a base spec for user information could be modeled on the user  
data information thats in the OpenID 2.0 spec. The same user keys/ 
values are in the LID spec as well, modeling our environ dict for the  
wsgiorg.user_info on those spec's would make using them easy, and  
they account for all the common fields in most every auth system I've  
encountered.

Overall, I think we should hit the low hanging fruit first. So having  
the simple keys be standardized as wsgiorg specs first, then we can  
hit the more complex ones like session id's and stuff that requires  
more of an interface.

Cheers,
Ben