W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

Re: [Interop] quick poll on the Translate field]

From: Matthieu Chevrier <mchevrier@4d.com>
Date: Thu, 15 Nov 2001 14:42:58 -0800
To: <w3c-dist-auth@w3.org>
Message-ID: <B81984F1.108A%mchevrier@4d.com>

> One very common mechanism for doing Web-based access control
> is to base the access control on the URL (i.e. what you can do
> to a resource depends on what the URL is).

An access control based entirely on the URL ? hum. so it would give the same
access for a GET and DELETE command ?
Even these systems need to extract other info from the HTTP request, like
the method name in the first place. So checking a new HTTP field should not
be a big deal (it's not in our implementation).

> When you do a COPY, should it go against the raw form or
> the processed form of the resource?  Probably need the Translate
> header for that then too.  Similarly for any other method that
> could reasonably be applied to both the raw and the processed form.

Do a COPY, MOVE, DELETE on the processed version makes no sense, isnt'it ?
At least for all the existing Clients that I know of right now.

For PROPFIND and PROPPATCH, it's not as obvious, though using the raw file
is probably what we want in 99% of the cases.

> So all that is needed is for the server to be able to dummy up
> some URL that means "the raw form of this resource" to avoid all
> these issues. 

I am not a big fan of having several URLs for the same resource in different
status. Seems more like a workaround than anything else.

To be honest I didn't really want to start discussing the specs when I asked
to the interop list who was supporting the 'Translate' field. too late ;-)

In my perspective if all clients were sending the 'Translate: f' with all
their outgoing requests AND if the servers were always targetting the raw
resource (considering the user has the right priviledges of course) then we
would not have this discussion today.

and my main concern is that, whatever solution is chosen, it is widely
supported asap by most Clients and Servers (another point for the translate
field). Unfortunately it does not seem to be the case, and it could be a
hurdle for the big WebDAV breakthrough we all want to happen. Sincerely,

Received on Monday, 5 November 2001 17:42:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:24 UTC