W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2005

Re: [Ietf-caldav] [Fwd: draft-reschke-http-addmember-00]

From: Scott Lawrence <scott@skrb.org>
Date: Thu, 17 Feb 2005 13:07:14 -0500
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Cyrus Daboo <daboo@isamet.com>, Jamie Lokier <jamie@shareable.org>, Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>
Message-Id: <1108663634.11773.28.camel@sukothai.pingtel.com>

On Thu, 2005-02-17 at 18:19 +0100, Julian Reschke wrote:


> > The WebDAV rfc has the following statement in it in Section 5.3 as a 
> > justification for creating a new method (MKCOL in this case) rather than 
> > using a special POST operation:
> > 
> >>    While the POST method is sufficiently open-ended that a "create a
> >>    collection" POST command could be constructed, this is undesirable
> >>    because it would be difficult to separate access control for
> >>    collection creation from other uses of POST.

That statement misses the point - it may be true that it's difficult to
express the access control based just on the method, but that doesn't
mean that it's difficult to implement appropriate access control in
either the client or the server.  The method alone does not specify the
operation - indeed, in the case of POST the full specification of the
operation is deliberately expanded to include the body mime type and the
body content.

I don't think you've shown how what you're trying to do is any different
from what POST has always done.

-- 
Scott Lawrence <scott@skrb.org>
http://skrb.org/scott/
Received on Thursday, 17 February 2005 18:07:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:39 GMT