I would like to get a clear understanding of what would be the most pythonic and cleaner way to implement:
Should I rather write a WSGI middleware which gets the app as parameter or a pure Pyramid Tween for either one or both my requirements?
Also, which of wsgi middleware or tween is the most compliant with apache + mod_wsgi?
Thanks
Everything is better as WSGI middleware unless you need framework-specific details. Especially if you're smart and use the webob decorators to turn the complex WSGI protocol into simple request/response objects. For example when integrating with permissions I'm not even sure a tween makes sense. From within your groupfinder you can just connect to your entitlement system. For logging there are a lot of examples of both WSGI (paste's translogger) and tween (pyramid_exclog, pyramid_debugtoolbar) loggers that you can pull ideas from.