W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1998

Versioning, Collections and Sources

From: Yaron Goland <yarong@microsoft.com>
Date: Wed, 16 Dec 1998 14:12:49 -0800
Message-ID: <3FF8121C9B6DD111812100805F31FC0D08792B8D@RED-MSG-59>
To: "'Greg Stein'" <gstein@lyra.org>, w3c-dist-auth@w3.org
The folks in versioning land want to add a version header which is combined
with the request-URI to uniquely identify a resource other than the one in
the request-URI as being the "true" request-URI.

The folks in collection land want to add a no-passthrough header which is
combined with the request-URI to confirm that the request-URI REALLY is the
request-URI.

I have even heard rumors of those who want to add a source header which is
combined with the request-URI to uniquely identify a resource other than the
one in the request-URI as being the "true" request-URI.

Of course one may think we already have this problem in the form of Accept-*
headers. However, Accept-* headers specify the desired result format, not
the resource the request is to be applied to. 

Unlike accept-* headers, these new headers are really just a slightly more
advanced version of URL munging, with all the problems that implies.

This leads me to believe that the collection paper's design requires a
fundamental re-think. Having to resort to URL munging is a sure sign that
your design is in trouble. The collection folks may want to consider a
source like model where you have paired resources. The "redirection"
resource and its "control". The "redirection" resource will respond to one
magic method which returns a header which specifies the "control" resource.
The "control" resource is then the one that arbitrary methods can be applied
to. This solution is VERY far from optimal since servers will have problems
managing the parallel namespaces and dealing with potential name conflicts.
Alternatively we may want to learn a lesson from the way that redirection
resources have been implemented in file systems. Some methods applied
directly to the resource and some were redirected and that was it. There was
no crossing the line. I actually suspect this may prove to be a better
model, although the interaction with properties may be interesting.

As for versioning and source, sometimes speed hacks are just not worth it.
Not when the cost is extensibility.

		Just a thought,
					Yaron

-----Original Message-----
From: Greg Stein [mailto:gstein@lyra.org]
Sent: Wednesday, December 16, 1998 12:37 PM
To: w3c-dist-auth@w3.org
Subject: Re: Properties of References


Slein, Judith A wrote:
>...
> 2.  Replace the Re-Direct header with a No-Passthrough header that can be
> applied to any reference, direct or redirect.  This header asks the server
> to apply the request to the reference itself, rather than to its target
> resource.
> ...

Random thought: there is a weird correlation here between this
No-Passthrough header and the "source link". For example, could
No-Passthrough potentially be used to grab an ASP file rather than its
execution result?

Just popped into my head, so I thought I'd mention it. The source link
does seem a bit nicer for security issues (because you secure based on
URL rather than the presence of a header), but No-Passthrough seems
handier for grabbing source (text or binary).

-g

--
Greg Stein, http://www.lyra.org/
Received on Wednesday, 16 December 1998 17:12:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:48 GMT