[Web-SIG] Communicating authenticated user information
Jim Fulton
jim at zope.com
Tue Jan 24 23:34:38 CET 2006
Michal Wallace wrote:
> On Tue, 24 Jan 2006, Jim Fulton wrote:
>
...
> Maybe I just don't understand why this is
> important. Can someone (Jim) explain why this
> is a requirement in the first place?
We do our own authentication for lots of reasons, including:
- Zope can provide user and group management facilities that
are convenient to use,
- Zope can integrate with external systems that haven't been integrated with
the server,
- Zope can use authentication schemes that the server may not support.
History has shown us that many users find this useful.
If Zope performs authentication, then we'd like the authentication to show
up in the access logs.
People sometimes use Zope behind another web server, but often people
don't. When they don't and are using Zope with Zserver (medusa) or Twisted,
then it should be possible to give ZServer or Twisted the information to log
appropriately.
If this isn't possible with WSGI, then we can write out own access logs.
I'd prefer not to have to do that because the times included in any
access logs we write won't be accurate, as the request as seen by the
web client will end later than the time we're done with the request.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Web-SIG
mailing list