sounds like we've got a proposal that there's some agreement on. lisa, what's the next step for getting this into the spec? thanks. -ilya Jason Crawford wrote: > > The problem: A client wants to check if the current user is > > authenticated to do an operation before it has that user provide the > > input for that operation, and before it performs expensive > > computations to set up the input for that request. > > This seems to be a bit beyond our current scope. But given the > solution to this is likely to be trivial, and some people seem to value > this, I can't protest much. > > > The proposal: Document in the 2518bis that the authentication check > > SHOULD be performed before the If header check (so that a simple > > contradictory If header can be used to check the authentication for > > "dummy version" of the operation, i.e. one with dummy values that did > > not require user input or expensive calculations on the client). > > I like this solution since it's probably a good thing in general to > indicate the order of header checking. This will create consistancy > that should aid clients greatly in understanding responses. > > I do recall we got into a very brief discussion of order of header > evaluation > a while back. I forget what the topic was or what order we decided. I > suggest > we go with your proposal and see if any problems turn up. > > I can't say I'm a fan of use of NOT in a If: header though. :-) But the > concept > of submitting a predictably false If header seems fine with me.Received on Monday, 23 September 2002 17:53:28 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:01 GMT