- From: Greg Stein <gstein@lyra.org>
- Date: Sun, 4 Nov 2001 18:36:24 -0800
- To: Matthieu Chevrier <mchevrier@4D.com>
- Cc: w3c-dist-auth@w3.org
[ moving this to the w3c-dist-auth list, where discussion belongs. a poll on the interop list is fine, but no more than that. ] Before continuing further on this discussion, you should read the thread that just occurred on the webdav working group list. See: http://lists.w3.org/Archives/Public/w3c-dist-auth/2001OctDec/0094.html and the replies... On Sun, Nov 04, 2001 at 01:40:02PM -0800, Matthieu Chevrier wrote: > > > mod_dav does not implement it, and it never will. > > Frankly, I believe that this is a mistake. but I am a bit too young to the > DAV world to try to convince you. You're free to disagree with me :-) > I wish I could hear from some people on the Client side, especially the > GoLive/DreamWeaver teams, or simply some webmasters using WebDAV as > end-users. With some luck some of them could confirm that you just can't use > WebDAV to edit remotely your website if it contains non static pages. and > that means quite a few people will stick with FTP ;-( I realize that WebDAV > is not intended only for Webmasters, but they still represent a large amount > of users. I've used it myself, and the multiple resource model works quite fine. Through one namespace, I get the output. Through another, it is read/write and I can edit the source. So I maintain that today's WebDAV *can* edit non-static pages. Now, if the clients could simply read the DAV:source element, then it make things even easier. > Now concerning the alternative/cleaner solutions you refer to, I do not know > what they are. The DAV:source element referring to a separate namespace. Go read that thread that I referred to at the top of this email. > but I fear in advance that it's going to be much more > complex, that very few clients will actually implement it, and that in > practive it will do no more than what the Translate field did. If you "do not know what they are", then you cannot make that claim. So don't even try, please. > Also, I am > concerned about the security : the most straightforward solutions are often > the most secure (IIS4 being the exception to this rule ;-) Separate resources for the source and for the generated output means that you can apply *better* security. One resource is open to everybody, and the other resource is locked up tight. > So what will gain WebDAV from this choice, apart from proving that even > Microsoft can't always do whatever they want ? Microsoft has nothing to do with this. WebDAV has a design for this today, and it works. The Translate header has numerous problems. In particular, I like Roy Fielding's and Geoff Clemm's responses in the referenced thread; they make pretty strong/clear points about the issue. > Don't get me wrong, I am a big supporter of WebDAV, and I am just trying to > find a practical solution to an issue which I believe has been left apart by > the specs. And the solution brought silently by Microsoft, which may be not > the most elegant/perfect, does address the issue. But if other people tell > me that the other solutions are much better AND are implemented, then I will > be happy to modify our server WebSTAR in order to support it. Existing implementations of a poor solution does not make it a good solution. We're here to make good standards, not to simply follow what somebody has done to work around a problem. Cheers, -g -- Greg Stein, http://www.lyra.org/
Received on Sunday, 4 November 2001 21:30:06 UTC