W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2000

RE: [hwarncke@Adobe.COM: Re: [dav-dev] Depth Infinity Requests]

From: Babich, Alan <ABabich@filenet.com>
Date: Thu, 6 Jul 2000 20:21:01 -0700
Message-ID: <C3AF5E329E21D2119C4C00805F6FF58F0398E9B1@hq-expo2.filenet.com>
To: "'Clemm, Geoff'" <gclemm@rational.com>, WebDAV WG <w3c-dist-auth@w3.org>
I, too agree with the "the client proposes, the server disposes" theory.
One advantage is that's a general way for the server to defend against
naive and malicious clients from accidental or deliberate denial 
of service attacks.

To extend my UNIX find analogy, if all the programmers at my company
did UNIX find commands on the root directory, that would load the
servers pretty good. You can generally trust your fellow programmers
not to continually do stupid things, so that would be a temporary
problem. But in the world of the internet, you have much less 
sophisticated people that could unwittingly do expensive things 
repeatedly, plus you have a few malicious hackers that
might repeatedly do expensive things deliberately. This supports
the "server disposes" theory.

But, as to the idea of letting the client propose 20 or 100
as the limit (in addition to 0, 1, and infinity), the increased 
complexity might not be worth the decreased simplicity. I like
the KISS principle. The UNIX find command doesn't have a way
to specify a limit on the depth. It only has depth infinity.
The UNIX find command has withstood the test of time, and I know
of no UNIX implementations that have extended it to specify a limit
of N. Since the UNIX find command is doing something somewhat 
similar, that tends to support my gut feeling that we need not 
bother to allow specification of depth N.

So, what I propose is the following: Why don't we wait
for feedback from real users to see if we really need depth N?
Cut features until it's not useful for the first release,
then add only features demanded by the customers in later

Alan Babich

-----Original Message-----
From: Clemm, Geoff [mailto:gclemm@rational.com]
Sent: Thursday, July 06, 2000 2:20 PM
To: 'Jim Davis'; WebDAV WG
Subject: RE: [hwarncke@Adobe.COM: Re: [dav-dev] Depth Infinity Requests]

I agree with the "client proposes, server disposes" guideline,
but currently we are (in my view, inappropriately) limiting what
the client can propose.

In particular, we are not allowing the client to propose an
upper limit such as "20" or "100", even when the client knows
that to be the appropriate upper limit for its PROPFIND request.


-----Original Message-----
From: Jim Davis [mailto:jrd3@alum.mit.edu]
Sent: Thursday, July 06, 2000 5:14 PM
Subject: RE: [hwarncke@Adobe.COM: Re: [dav-dev] Depth Infinity Requests]

At 05:58 PM 7/6/00 +0100, Gary Barnett wrote:
>I think that creating a specification that builds in non-deterministic
>behaviour would be a real pain.
>I think that the idea of passing a depth value (with perhaps a default
>which all servers support) makes sense from a client perspective.

What we gain from the indeterminacy is flexibility.  Otherwise, we either
set the minimum standard high (and rule out cheap implementations) or set
it low (thus requiring all clients to use inefficient methods, and making
powerful implementations either useless or non-standard.)

Yaron put it like this

"The client proposes, the server disposes".

Clients should ask for what they want, and be prepared to get less than
Received on Thursday, 6 July 2000 23:21:40 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:22 UTC