W3C home > Mailing lists > Public > ietf-dav-versioning@w3.org > April to June 2002

RE: Creation time of a version, Baseline-control stuff, diverse

From: Clemm, Geoff <gclemm@rational.com>
Date: Sun, 21 Apr 2002 18:59:59 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B1069795C1@SUS-MA1IT01>
To: Edgar Schwarz <edgar@edgarschwarz.de>, Deltav WG <ietf-dav-versioning@w3.org>
   From: Edgar Schwarz [mailto:edgar@edgarschwarz.de]

   In 12.6.1 we see:

   Shouldn't this be (See 12.6) ?

Egads!  It certainly should be.  I'll add that to the Errata.

   Then I'm looking for some reports.  First I would like to have
   information on a baseline. How can I get the list of versions and
   subbaselines ?

To get the list of versions, do a PROPFIND Depth:Infinity on the
DAV:baseline-collection of the baseline.  To get the subbaselines, get
the DAV:subbaseline-set property of the baseline.

   Second I want to have information on a configuration. This means
   state (checked-out, checked-in) and a list of VCRs, VCCs and their

To get the DAV:checked-in and DAV:checked-out properties of the
configuration, just PROPFIND the DAV:version-controlled-configuration
of any member of the configuration for those two properties.

What list of VCR's did you have in mind?  If it is all the VCR's that
are the member of the configuration, just PROPFIND Depth:Infinity
the root collection of the configuration for DAV:checked-in and
DAV:checked-out (any resource that has these properties is a VCR
that is a member of the configuration).  By VCC, did you mean
VCCn or VCCl?

   I also twice read negative things on WebDAV recently. It was
   considered a security risk.  But it wasn't clear whether WebDAV
   itself was the target or faulty implementations.  I hope ACL (which
   I didn't have the time to follow) will cure these problems.

These were negative comments about WebDAV appear to be derived from a
basic misunderstanding of the WebDAV design.  In particular, they
appear to assume WebDAV suffers from the same security problems as
protocols like SOAP that tunnel through POST.  WebDAV was specifically
designed to not have these problems (at non-trivial cost, since the
secure approach adopted by WebDAV creates problems with non-HTTP/1.1
compliant proxies), so it is rather frustrating for WebDAV to be
incorrectly singled out, instead of the protocols (like SOAP) that in
fact do have these problems.  Several of us have sent messages to the
authors of these incorrect statements, and hopefully they will be

Received on Sunday, 21 April 2002 19:00:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:48 UTC