W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1999

Re: Some problems with the WebDAV protocol

From: Yoram Last <ylast@mindless.com>
Date: Thu, 22 Apr 1999 03:31:28 +0300
Message-ID: <371E6DE0.484BF38E@mindless.com>
To: John Stracke <francis@ecal.com>
CC: w3c-dist-auth@w3.org

> Nothing has been taken away except uncertainty.

Not so. By your wisdom, all MAYs and SHOULDs should be taken out of all
protocols, because they are nothing but uncertainties.

> > > > > No, by requiring special access rights for Depth=infinity.
> > > >
> > > > And when the request fails, how do you convey that to client?
> > > > What status code will you use?
> > >
> > > 401, of course.
> >
> > To which the client would respond by prompting the user for a password.
> Only if you provide an Authenticate: header.

RFC 2068 says:
"10.4.2 401 Unauthorized

       The request requires user authentication. The response MUST include
       a WWW-Authenticate header field (section 14.46) containing a challenge
       applicable to the requested resource."

So you say I should use a 401 in a way which is in brut violation of HTTP/1.1,
and that WebDAV clients will somehow magically recognize this as indicating that
the request failed due to the Depth=infinity issue and do whatever it is they
should do in such a case, and furthermore, that software authors should be able
to figure out this remarkable mechanism by reading RFC 2518.

Received on Wednesday, 21 April 1999 20:32:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:49 GMT