[Web-SIG] Communicating authenticated user information

Michal Wallace michal at sabren.com
Wed Jan 25 01:06:30 CET 2006

On Tue, 24 Jan 2006, Jim Fulton wrote:

> Michal Wallace wrote:
> > Maybe I just don't understand why this is important. Can someone (Jim)
> > explain why this
> > is a requirement in the first place?
> We do our own authentication for lots of reasons, including:
> History has shown us that many users find this useful.

No, I understand why you do your own authentication.
Simply having the ability to log out trumps HTTP 
authentication every time. 

What I'm trying to understand is the next thought in
the chain:
> If Zope performs authentication, then we'd like 
> the authentication to show up in the access logs.

Why do you want this? 
What do people do with the information?

To me it makes a lot more sense to log application-level
events: so-and-so tried to do this, etc... Whereas at
the web server log level, you're logging that so-and-so's 
browser requested a gif or a css file.

I'm not trying to argue here. I'm just trying to
understand what value you're getting out of the

Michal J Wallace
Sabren Enterprises, Inc.
contact: michal at sabren.com
hosting: http://www.cornerhost.com/
my site: http://www.withoutane.com/

More information about the Web-SIG mailing list