- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 17 Feb 2005 19:39:12 +0100
- To: Scott Lawrence <scott@skrb.org>
- CC: Cyrus Daboo <daboo@isamet.com>, Jamie Lokier <jamie@shareable.org>, Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>
Scott Lawrence wrote: > That statement misses the point - it may be true that it's difficult to > express the access control based just on the method, but that doesn't > mean that it's difficult to implement appropriate access control in > either the client or the server. The method alone does not specify the > operation - indeed, in the case of POST the full specification of the > operation is deliberately expanded to include the body mime type and the > body content. > > I don't think you've shown how what you're trying to do is any different > from what POST has always done. It's a aubset with well-defined semantics. I consider this a feature. Best regards, Julian -- <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Thursday, 17 February 2005 18:39:46 UTC