[Web-SIG] Communicating authenticated user information

Jim Fulton jim at zope.com
Tue Jan 24 23:34:38 CET 2006

Michal Wallace wrote:
> On Tue, 24 Jan 2006, Jim Fulton wrote:

> Maybe I just don't understand why this is 
> important. Can someone (Jim) explain why this
> is a requirement in the first place?

We do our own authentication for lots of reasons, including:

- Zope can provide user and group management facilities that
   are convenient to use,

- Zope can integrate with external systems that haven't been integrated with
   the server,

- Zope can use authentication schemes that the server may not support.

History has shown us that many users find this useful.

If Zope performs authentication, then we'd like the authentication to show
up in the access logs.

People sometimes use Zope behind another web server, but often people
don't.  When they don't and are using Zope with Zserver (medusa) or Twisted,
then it should be possible to give ZServer or Twisted the information to log

If this isn't possible with WSGI, then we can write out own access logs.
I'd prefer not to have to do that because the times included in any
access logs we write won't be accurate, as the request as seen by the
web client will end later than the time we're done with the request.


Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Web-SIG mailing list