[Web-SIG] Communicating authenticated user information

Phillip J. Eby pje at telecommunity.com
Sun Jan 22 17:34:03 CET 2006

At 11:22 AM 1/22/2006 -0500, Jim Fulton wrote:
>Typically, web servers provide access logs that include a label
>for the authenticated user.
>Often, WSGI applications (or middleware) provide their own user
>authentication facilities.  Well, Zope does. :)
>There doesn't seem to be a standard way for WSGI applications or
>middleware to communicate the information necessary for a server
>to log the authenticated user back to the server.
>Am I missing something?  How do other people handle this?
>Is Zope the only WSGI application that performs authentication

I think Zope is the only WSGI application that cares about communicating 
this information back to the web server's logs.  :)  Or at least, the only 
one whose author has said so.  :)

Perhaps an "X-Authenticated-User: foo" header could be added in a future 
spec version?  (And as an optional feature in the current PEP.)  This seems 
a simpler way to incorporate the feature than adding an extension API to 

More information about the Web-SIG mailing list