RE: Interop issue: how can clients force authentication?

From: Jason Crawford <nn683849@smallcue.com>
Date: Sun, 22 Sep 2002 22:48:48 -0400
To: "Clemm, Geoff" <gclemm@Rational.Com>
Cc: Webdav WG <w3c-dist-auth@w3c.org>
Message-ID: <OFA605B1CB.0A2D239C-ON85256C3D.000E6D14@us.ibm.com>




> The problem: A client wants to check if the current user is
> authenticated to do an operation before it has that user provide the
> input for that operation, and before it performs expensive
> computations to set up the input for that request.

This seems to be a bit beyond our current scope.  But given the
solution to this is likely to be trivial, and some people seem to value
this, I can't protest much.


> The proposal: Document in the 2518bis that the authentication check
> SHOULD be performed before the If header check (so that a simple
> contradictory If header can be used to check the authentication for
> "dummy version" of the operation, i.e. one with dummy values that did
> not require user input or expensive calculations on the client).

I like this solution since it's probably a good thing in general to
indicate the order of header checking.  This will create consistency
that should aid clients greatly in understanding responses.

I do recall we got into a very brief discussion of order of header
evaluation a while back.  I forget what the topic was or what order we
decided.  I suggest we go with your proposal and see if any problems
turn up.

I can't say I'm a fan of use of NOT in an If: header though.  :-)  But the
concept of submitting a predictably false If header seems fine with me.
Received on Sunday, 22 September 2002 23:51:57 GMT
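
The check order proposed in the quoted text, as an added example that is not part of the original message: a small Python model of a server that evaluates authentication before or after the If header, and of the client probe that depends on that order. The credential, the lock token and the never-matching token are constructed for this example; 401 and 412 are the standard HTTP status codes for missing authentication and a failed precondition.

```python
# Constructed sample state: one accepted credential, one lock token on the resource.
VALID_AUTH = "Basic constructed-credential"
RESOURCE_STATE_TOKENS = {"<opaquelocktoken:constructed-0001>"}

# A state token the server never issues, so a condition on it is always false.
# The token name is an assumption of this example.
NEVER_TRUE_IF = "(<urn:example:never-matches>)"


def if_header_holds(if_header):
    """Evaluate a single-list If header: '(<token>)' or '(Not <token>)'."""
    if if_header is None:
        return True
    inner = if_header.strip()[1:-1].strip()
    negate = inner.startswith("Not ")
    token = inner[4:].strip() if negate else inner
    matched = token in RESOURCE_STATE_TOKENS
    return not matched if negate else matched


def evaluate(headers, auth_first=True):
    """Return the status a server sends for a write request.

    auth_first=True is the order the proposal asks for; False is the
    reverse order, kept here to show why the probe then stops working.
    """
    authenticated = headers.get("Authorization") == VALID_AUTH
    precondition_ok = if_header_holds(headers.get("If"))
    checks = [(authenticated, 401), (precondition_ok, 412)]
    if not auth_first:
        checks.reverse()
    for passed, failure_status in checks:
        if not passed:
            return failure_status
    return 204  # the operation itself would run


def probe_says_authenticated(headers, auth_first=True):
    """Client probe: a dummy operation guarded by an always-false If header."""
    probe = dict(headers, If=NEVER_TRUE_IF)
    # 412 means the server got past authentication and only then rejected
    # the precondition; 401 means credentials must be supplied first.
    return evaluate(probe, auth_first) == 412
```

With the reverse order the probe answers 412 whether or not the user is authenticated, so the client learns nothing from it.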
