Re: WebDAV and Open Pluggable Edge Services from Jason Crawford on 2002-03-21 (w3c-dist-auth@w3.org from January to March 2002)

From: Jason Crawford <ccjason@us.ibm.com>
Date: Thu, 21 Mar 2002 00:29:36 -0500
To: "Lisa Dusseault" <ldusseault@xythos.com>
Cc: w3c-dist-auth@w3.org, w3c-dist-auth-request@w3.org
Message-ID: <OFD1D2D938.558E2457-ON85256B83.001BEA63@pok.ibm.com>

<<
2.  The situation could be made easier if all WebDAV clients were able to
include a header in GET requests indicating that the request is being made
by an authoring client, not a browsing client.  I suggest a header rather
than a method, because a new method will not be supported for much longer,
and won't interoperate with non-WebDAV servers.
>>
But it doesn't deal with websites that simply serve sample code... or
anything else that might possibly trigger the transformations.  This
doesn't sound like a WebDAV specific issue.

2.5) Or... the server could specify that it not-be/be transformed with a
flag,
but this is not WebDAV specific again.

<<
3.  The source property is no help in this situation.  Doing a PROPFIND can
get you the source property, but then a GET to the URL in that property may
be subject to the same edge service transformations as the original URL.
>>
Yup.  It doesn't hurt or help.

<<
4.  End-to-end encryption and/or signatures are the ultimate way to stop
edge services from transforming data.  Perhaps the spec coudl use a
recommendation that WebDAV servers SHOULD support TLS, and that WebDAV
clients SHOULD attempt to use TLS, even for content that is also available
unencrypted.  However, there are some unsolved issues here.  How does the
client discover that the content available over TLS is the same as the
content available over unsecured HTTP, in cases where the content doesn't
need to be secured by TLS for ordinary browsers?  Note that it's equally
possible for the server to host *different* content on ports 80 and 443, so
the client must be able to differentiate the two cases.
>>
I have no problem with recommending TLS, but in regard to edge servers this
doesn't
sound like a webdav specific issue.  And WebDAV really isn't doing
anything odd or surprising that should require special consideration by
the OPES folks.  The OPES guys simply need to do the right thing.

Of course if someone see's it differently....  :-)

J.


------------------------------------------
Phone: 914-784-7569,   ccjason@us.ibm.com

Received on Thursday, 21 March 2002 00:37:41 UTC