W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2002

RE: A case for GETSRC (or other mechanism to that effect)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 28 Feb 2002 10:16:47 +0100
To: "CJ Holmes" <cholmes@4d.com>, <w3c-dist-auth@w3c.org>
Message-ID: <JIEGINCHMLABHJBIGKBCCEOIEBAA.julian.reschke@gmx.de>
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of CJ Holmes
> Sent: Thursday, February 28, 2002 6:59 AM
> To: w3c-dist-auth@w3c.org
> Subject: A case for GETSRC (or other mechanism to that effect)
>
> ...
>
> First, I appreciate what the DAV working group is trying to do by
> allowing multiple sources for a given document, and making each
> source a separate resource.  I won't bother denying that it is useful
> to some people and interesting in its own right.  I totally see the
> logic in it.  But it is an abstraction that is useful only to a small
> minority of users, and is very difficult to implement.  If you doubt
> that, I direct you to the total lack of implementations.  But I'll

I think the lack of implementations is caused by

- people choose to support the Translate header because they really haven't
a choice (as this is what the Microsoft clients use),

- the description of the source property is buggy and hard to understand
(this could be fixed).

> make a case on other grounds, as well.
>
> With any DAV request except GET the process is rather straightforward:
>
> 	A virtual host is selected
>
> 	Security determines what rights the user has on the URL.  In
> the Apache universe that means PUT, POST, MKCOL, GET, etc..  In our
> universe (WebSTAR) that means read, write, list, mkdir, etc..
>
> 	We figure out what file the URL maps to.
>
> 	In deciding which plug-in will handle the request, a DAV
> plug-in simply claims anything with a DAV-specific method.  If it is
> MKCOL, DELETE, etc. then the DAV plug-in claims it.
>
> 	DAV handles the request, within the limits set by the
> security plug-in.
>
> All of this works great, until we get to the GET method.  Plug-ins
> have no way of knowing the difference between a normal GET that
> should be handled normally, and a GET that is intended to retrieve
> the source of a document and requires special permissions.  In effect
> we have TWO semantics for GET.  And so we start creating fake URL
> spaces.  But we quickly run into security and configuration hassles.

I object to the term "fake URL space". Defining separate namespaces for
sources and outputs seems like a logical solution to me.

> The bottom line is that there's no way to provide good DAV access
> without some special configuration on the server.  And it isn't the
> result of some kind of design error by the implementor, but a basic
> issue with how the protocol is designed.  Unless you are only dealing
> with static content you MUST set up a whole new URL space to do DAV
> at all.

Yes. So? I don't understand why this is a problem per se.

> In practice setting this up is such a bother that what most
> administrators do is create a whole new virtual host with all
> plug-ins disabled in order to get it done.  Is it just me, or is it
> entirely ridiculous that server administrators have to double the
> number of virtual hosts they support just to give decent DAV access
> to their users?

Well, they don't. How this is done is completely implementation-specific,
I'd say.

> ...

I think we need to answer this questions.

Given an ASP file and it's output -- are these two different resources, or
are they different representations of the same resource? In the first case
they'll *need* different URIs, in the other case normal HTTP variant
handling can be used.

Even when you choose the latter -- how do you treat then output resources
with multiple source resources?
Received on Thursday, 28 February 2002 04:17:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:59 GMT