Hello, Gustavo, > On the other hand, because REMOTE_USER (which isn't set by r.who) is not > always enough and also some of the future features will rely on > future/existing repoze.who plugins, for example: I agree with that. Even more REMOTE_USER is not enough to distinguish between different authentication methods when multiple methods are used.
Because of that I offer to do following in r.who: Set REMOTE_USER as username. Usually all authentication systems provides one or another form of username. Set x-wsgiorg.user_data with data dict (e.g. certificate details, OpenID SREG data and etc.). Name was proposed by Ian Bicking. This way r.who and r.what will be compatible with other authentication and authorization solutions. -- Dalius http://blog.sandbox.lt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
