[Web-SIG] Communicating authenticated user information

Phillip J. Eby pje at telecommunity.com
Tue Jan 24 17:41:04 CET 2006

At 10:30 PM 1/23/2006 -0500, Clark C. Evans wrote:
>Suggested Wording:
>    A WSGI Middleware component (that is, one that receives a
>    request and forwards it on to another component) must forward
>    on the *exact* same ``environ`` dict that it received.

-1.  This invalidates current WSGI design principles and can't go in any 
WSGI 1.x version, and even for a WSGI 2.x it would need a heck of a lot 
more justification.

Note that WSGI is an HTTP analogue, it is not a web server API.  In the 
context of this discussion, I'm now more convinced than ever that the right 
place to communicate information back to the server is via response 
headers, and that's how this use case should be addressed in WSGI 1.1, as 
it maintains the functional composition of middleware better than an 
environ-supplied extension.  In WSGI the design principle needs to be 
"Isolation beats cleanliness".

More information about the Web-SIG mailing list