[Web-SIG] Logging the authenticated user (was Re: Bowing out)
James Y Knight
foom at fuhm.net
Tue Feb 7 22:29:01 CET 2006
On Feb 7, 2006, at 12:28 PM, Phillip J. Eby wrote:
> * Add an optional 'wsgi.response_filtering' key to the spec. If
> its value
> is present and true, the server promises to prevent 'X-Internal-*'
> from being transmitted.
> * Add an optional 'X-Internal-WSGI-Authenticated-User' header to
> the spec,
> that indicates the authenticated user name. This should only be
> into the response headers if 'wsgi.response_filtering' is in effect.
> * Require that any user-defined X-Internal headers include a
> product name,
> e.g. 'X-Internal-Zope-Foo', to avoid conflict with WSGI-defined or
> products' user-defined headers.
> This would all be placed under a new section entitled "Internal
> Headers" and defined as an optional extension.
I like it.
More information about the Web-SIG