W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 1999

RE: WebDAV methods: safe and idempotent

From: Jim Whitehead <ejw@ics.uci.edu>
Date: Sun, 15 Aug 1999 16:12:52 -0700
To: Larry Masinter <masinter@parc.xerox.com>, John Stracke <francis@ecal.com>, WebDAV WG <w3c-dist-auth@w3.org>
Message-ID: <NDBBIKLAGLCOPGKGADOJCEPKCCAA.ejw@ics.uci.edu>

Since some systems allow GET to perform non-safe, non-idempotent operations
via URL munging (e.g., http://www.docmgmtsys.com/doc-guid;action=CHECKOUT)
it seems to me the best a spec. can do is state what the intended behavior
is wrt safety and idempotence, and assume that people won't break it without
a very good reason.

- Jim

> > > PROPFIND: safe, idempotent
> > > PROPPATCH: unsafe, idempotent
> >
> > ...*provided* you're not using any funky live properties.  Live
> properties are
> > behavior, not state, so they have safeness and idempotency,
> too.  So, really,
> > you have to assume that both PROPFIND and PROPPATCH are unsafe and
> > non-idempotent unless you know the safeness and idempotency of all the
> > properties in use.
>
> I think it's more appropriate to define 'live properties' such that
> they have the same relationship to safety and idempotency of PROPFIND
> and PROPPATCH as 'resources' have to GET and PUT. That is:
>
>  even though the property is live, PROPFIND of any property
> SHOULD be safe and idempotent, and PROPPATCH should be idempotent.
>
>
> > (This is the same issue as CGIs in base HTTP/1.1; a CGI script
> could be built
> > that reacts unsafely to GET, but it wouldn't be HTTP/1.1-compliant; it's
> > supposed to use POST if it's unsafe.  But we don't have PROPFIND-GET and
> > PROPFIND-POST.)
>
> We should make the correspondence of PROPFIND-GET and PROPPATCH-PUT
> (not POST). Not having done so is an flaw in the WebDAV spec that
> SHOULD be corrected, not celebrated.
>
> Larry
>
Received on Sunday, 15 August 1999 19:16:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:51 GMT