- From: Yoram Last <ylast@mindless.com>
- Date: Thu, 22 Apr 1999 03:31:28 +0300
- To: John Stracke <francis@ecal.com>
- CC: w3c-dist-auth@w3.org
> Nothing has been taken away except uncertainty.
Not so. By your wisdom, all MAYs and SHOULDs should be taken out of all
protocols, because they are nothing but uncertainties.
> > > > > No, by requiring special access rights for Depth=infinity.
> > > >
> > > > And when the request fails, how do you convey that to client?
> > > > What status code will you use?
> > >
> > > 401, of course.
> >
> > To which the client would respond by prompting the user for a password.
>
> Only if you provide an Authenticate: header.
RFC 2068 says:
"10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include
a WWW-Authenticate header field (section 14.46) containing a challenge
applicable to the requested resource."
So you say I should use a 401 in a way which is in brute violation of HTTP/1.1,
and that WebDAV clients will somehow magically recognize this as indicating that
the request failed due to the Depth=infinity issue and do whatever it is they
should do in such a case, and furthermore, that software authors should be able
to figure out this remarkable mechanism by reading RFC 2518.
Yoram
Received on Wednesday, 21 April 1999 20:32:02 UTC