[Web-SIG] Communicating authenticated user information

Michal Wallace michal at sabren.com
Wed Jan 25 06:41:01 CET 2006

On Tue, 24 Jan 2006, Clark C. Evans wrote:

>     On Mon, Jan 23, 2006 at 02:25:35PM -0500, Phillip J. Eby wrote:
>     | You simply can't use environ values to communicate *up*
>     | the WSGI stack, since at no level is it guaranteed you
>     | have the "same" dictionary.  Response headers and
>     | callables (or mutables) in the environ are the only way to
>     | send stuff upstream.  You also have to be careful that any
>     | upstream communication doesn't bypass something that
>     | middleware should be allowed to control.

> So, I reject this approach, and I suggested that the same ``environ`` 
> object should be passed all the way down the WSGI stack.

Unfortunately, if you require it to be the exact same 
*object* then you're making the requirement that 
everything in the stack happens in the same process, 
on the same machine. 

That means you can't distribute the magic over xml-rpc or SOAP
or some other protocol, and you might want to do that if you're
using a load balancing feature or want part of the system
to run as a different user.

I suppose you could pass *copies* around, either of
the whole dictionary or just certain values... (maybe?)

Michal J Wallace
Sabren Enterprises, Inc.
contact: michal at sabren.com
hosting: http://www.cornerhost.com/
my site: http://www.withoutane.com/

More information about the Web-SIG mailing list