W3C home > Mailing lists > Public > public-webarch-comments@w3.org > July to September 2004

Re: XML Schema WG comments on Web Architecture draft of 9-Dec-2003 [schema10]

From: Dan Connolly <connolly@w3.org>
Date: Mon, 12 Jul 2004 16:26:31 -0500
To: public-webarch-comments@w3.org, Mary Holstege <holstege@mathling.com>, David Ezell <David_E3@VERIFONE.com>
Message-Id: <1089667591.14421.141.camel@dirk>

replying to a part of your comments...
> [3.5] says that an interaction is safe if the agent does not incur any
> obligation beyond the interaction.  This seems too broad; the TAG has been
> advised of other scenarios.  For example, if each access to a resource needs to
> be authenticated at the application (not https) level, but no ongoing
> obligation is established, this rule suggests that the retrieval is safe.  Is
> that really true?

Perhaps not; specific cases are discussed at the
other end of this link:

  For more information about safe and unsafe operations using HTTP GET
  and POST, and handling security concerns around the use of HTTP GET,
  see the TAG finding "URIs, Addressability, and the use of HTTP GET and POST".

You seem to be asking about this case:

In situations where the use of such protocols for security is inappropriate,
designers MAY use POST to carry credentials or other information needed to
authenticate an otherwise safe operation. For instance, a designer may require
security beyond the protocol layer into the application layer (e.g., because
software or data queues within a server site are not trusted, or because
the application requires credentials not supported at a lower layer).
  -- http://www.w3.org/2001/tag/doc/whenToUseGet.html#sensitive

>  We wouldn't want the access cached, except perhaps by an
> application-specific cache that knew our authorization rules.
>  Consider also
> the case where the provider of the resource needs to log the access.

I believe we did:

3.1.3 Side-effects do not Imply Unsafe Interactions
Some user interactions cause side effects (i.e., they change the state
of the server) but are safe interactions. When a server is configured to
count and display the number of visitors to a site, each user
interaction increments a counter. Users do not commit themselves to
anything through this sort of interaction, so it is safe.
 -- http://www.w3.org/2001/tag/doc/whenToUseGet.html#example-counters

>  The issue
> is an important one, and the summary given here comes close to being an
> oversimplification.

Does the elaboration in the finding address your concerns?

p.s. this part of your comments is tracked as...

Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Monday, 12 July 2004 17:26:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:47 UTC