[Web-SIG] Possible specs

Ian Bicking ianb at colorstudy.com
Fri Nov 10 19:40:55 CET 2006 

I brainstormed some ideas for wsgiorg specs and added them to the spec 
page, and also copied here.  I offer them here to see if there's 
particular specifications that seem interesting, and might be worth 
pursuing sooner than other ones.


     * Ben Bangert suggested a simple session standard, focused solely 
on the session ID (persistence handled elsewhere). This is fairly modest 
but still useful.

     * Maybe a full session interface built on the session ID standard.

     * Often debugging tools open security holes (for example, 
paste.evalexception gives you a Python prompt on every exception). 
Authentication isn't really the right way to handle it, because 
debugging might involve logging in as various users. A specification 
could just define a key that indicates when these debugging tools should 
be allowed. This might get set by configuration, IP address, a cookie, etc.

     * Debugging mode is something that can be used in all sorts of 
places; to increase verbosity, annotate output pages, displaying errors 
in the browser, etc. Having a single key for turning on debugging mode 
would allow its consumption in lots of places. Not as strict as 
authenticating.

     * Some systems prefer that unexpected exceptions bubble up, like 
test frameworks. A key could define this case (modelled on 
paste.throw_errors) and thus disable exception catchers.

     * Logging is a tricky situation. The logging module allows for 
statically setting up logging systems, then configuring them at startup. 
This often isn't the best way to set up logging. Putting a 
logging.Logger instance right in the environment might be better. This 
requires some design and usage before setting on one spec.

     * Request object wrapping the environment.

     * Thread-local values are a common technique in web frameworks, 
allowing global objects or functions to return request-specific 
information. This pattern could be codified into one core system, using 
some feedback from existing systems (which have their advantages and flaws).

     * Configuration takes fairly common forms, usually a dict of some 
sort. It could be put somewhere standard.

     * Maybe Paste Deploy's entry points could be standardized. (Paste 
Deploy itself only consumes those entry points; other consumers are 
possible and packages implementing those entry points don't introduce 
any dependency on Paste Deploy)

     * A way to extend wsgiref.validate to add more validation, for all 
these new specs. (Probably this is an implementation, not a spec)

     * A way to describe custom keys, maybe associated with the validation.

     * Anchors for doing recursive calls, similar to paste.recursive. 
(paste.recursive is kind of an old module that is more complicated than 
it needs to be)

     * A place to put a database transaction manager

     * More user information than just REMOTE_USER; like wsgiorg.user_info?

-- 
Ian Bicking | ianb at colorstudy.com | http://blog.ianbicking.org

More information about the Web-SIG mailing list