W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2002

Re: Interop issue: how can clients force authentication?

From: Ilya Kirnos <ilya.kirnos@oracle.com>
Date: Mon, 23 Sep 2002 14:55:03 -0700
Message-ID: <3D8F8DB7.4214CB74@oracle.com>
To: Jason Crawford <nn683849@smallcue.com>
CC: "Clemm, Geoff" <gclemm@Rational.Com>, Webdav WG <w3c-dist-auth@w3c.org>, Lisa Dusseault <lisa@xythos.com>

sounds like we've got a proposal that there's some agreement on.

lisa, what's the next step for getting this into the spec?

thanks.

-ilya



Jason Crawford wrote:

> > The problem: A client wants to check if the current user is
> > authenticated to do an operation before it has that user provide the
> > input for that operation, and before it performs expensive
> > computations to set up the input for that request.
>
> This seems to be a bit beyond our current scope.  But given the
> solution to this is likely to be trivial, and some people seem to value
> this, I can't protest much.
>
> > The proposal: Document in the 2518bis that the authentication check
> > SHOULD be performed before the If header check (so that a simple
> > contradictory If header can be used to check the authentication for
> > "dummy version" of the operation, i.e. one with dummy values that did
> > not require user input or expensive calculations on the client).
>
> I like this solution since it's probably a good thing in general to
> indicate the order of header checking.  This will create consistancy
> that should aid clients greatly in understanding responses.
>
> I do recall we got into a very brief discussion of order of header
> evaluation
> a while back.  I forget what the topic was or what order we decided.  I
> suggest
> we go with your proposal and see if any problems turn up.
>
> I can't say I'm a fan of use of NOT in a If: header  though.  :-)  But the
> concept
> of submitting a predictably false If header seems fine with me.
Received on Monday, 23 September 2002 17:53:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:01 GMT