W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

Re: Multistatus required in responses?

From: <ccjason@us.ibm.com>
Date: Sun, 7 May 2000 21:34:52 -0400
To: Greg Stein <gstein@lyra.org>
cc: Kaushik Sridharan <kaushik@ruksun.com>, w3c-dist-auth@w3.org
Message-ID: <852568D9.0008CCF6.00@D51MTA03.pok.ibm.com>

I would disagree. I think that it is quite valid to return something like
403 (Forbidden) or 401 (Authorization required) as a response. Heck, you
could also return something like 412 or 301, too.

In each of these cases, the 3xx or 4xx applies to the Request-URI. If a
status code ever applies to a URI *other* than the Request-URI (say,
caused by a Depth: header), then a 207 (Multistatus) MUST be returned.

<Caveats jlc>
I've jogged my memory a abit.  The discussion I mentioned
only discussed PROPSTAT responses.  As I said, the conclusion was that
shortcuts would not be taken.  The multistatus had to be fully populated
and follow a standard formula.  There was a bit of discussion of
if a fully populated MULTISTATUS response was really merited for a pure
200 response.  (Although consistant, it seemed like a bit of a pain to
parse through all the XML just to find out everything was okay.)  The
thread seemed to conclude mildly in favor of not making an exception for

As I said, this was just PROPPATCH.  PROPFIND was not discussed in that

And it doesn't discredit what Greg says.  (It *is* reasonable to just
a single status for some situations.)  That thread just valued a
response more highly.

The conclusion didn't seem to be strongly held.

If you're writing a client, you'd better handle it both ways.

And we should make sure this hits the issues list and that the issues list
gets processed.

Received on Sunday, 7 May 2000 21:37:29 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:21 UTC