[Web-SIG] Communicating authenticated user information
Phillip J. Eby
pje at telecommunity.com
Wed Jan 25 18:17:29 CET 2006
At 01:53 AM 1/25/2006 -0500, Clark C. Evans wrote:
>Hence, the interfaces between these modules is simply using the
>well-understood CGI variable ``REMOTE_USER``. They can be used
>independently of each other, and in creative combinations.
If each middleware or application does this:
remote_user = environ.setdefault('paste.remote_user', )
And then uses the contents of that list as the thing to check or modify,
then you will get the exact same result as the "pass the same environ"
approach, except that it's actually compatible with PEP 333, as opposed to
relying on implementation accidents. This doesn't seem especially
difficult to me.
>The WSGI middleware components that actually create their own environ
>are few and far between. This is an uncommon edge case.
Composability of applications is a critical requirement for WSGI
middleware. It doesn't matter how uncommon it is. Even if there were
*zero* implementations of such middleware right now, that principle would
take precedence, meaning you'd have to have a proposal that would preserve
composability. Right now, you haven't described a way to do that without
introducing temporal coupling (or worse) among subrequests.
More information about the Web-SIG