W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2003

RE: WebDAV vs FTP, not an easy choice

From: Lisa Dusseault <lisa@xythos.com>
Date: Sun, 29 Jun 2003 08:17:12 -0700
To: "'Frank Lowney'" <frank.lowney@mac.com>, <w3c-dist-auth@w3.org>
Message-ID: <00b801c33e51$862c9e50$fdcb90c6@lisalap>

Hi Frank,

I'll try to answer your questions about WebDAV vs. FTP:


> 1) WebDAV cannot be programmatically and securely applied to 
> individual web sites.  Currently, creating an account on my MacOS X 
> Server (Apache) programmatically creates web space whose address 
> takes the form http://myserver.gcsu.edu/~username and 
> programmatically enables FTP access to that web space using the un/pw 
> assigned to the account.  This can be done on a large scale with 
> batch methods.

I'm not sure what you're asking here.  Are you asking from an
implementor/administrator point of view, whether a server can be implemented
that supports WebDAV and securely supports individual Web sites?  If that's
the question, then Sharemation is an existence proof that this can be easily
done.  The site www.sharemation.com hosts individual web sites for many
thousands of accounts.  Although there's a Web interface to allow users to
sign up, after registration users can manage their sites with WebDAV.  Many
universities are now starting to provide WebDAV-enabled individual sites to
students with this technology, but instead of allowing free signup as
Sharemation does, these universities use batch methods to create thousands
of accounts each semester as new students arrive.  There is no FTP access to
these accounts because it's no longer needed.

Or are you asking whether WebDAV can be used by a client program to manage a
Web site remotely and automatically?  Sitecopy and GoLive are client
programs that do this.

> 2)  WebDAV does not offer disk space quota enforcement and the means 
> with which to discover one's usage of that disk space and take 
> corrective action.

A WebDAV server implementation can offer disk space quota enforcement, as
Apple iDisk and Xythos WFS do.  This must be managed by the administrator of
course.  It's true that it's difficult to discover one's usage of that disk
space however there is a HTTP error commonly used when that quota is reached
("Insufficient Storage").  Furthermore, we're working on an extension to
WebDAV to provide quota-related properties so that an individual user may
discover their quota and storage usage. 

Are you sure that FTP offers this functionality anyway?  I didn't think that
was part of the FTP standard.  I would think the user would have to type in
Unix queries and understand the answer themselves, rather than be able to
use a GUI client that is capable of parsing the quota information and issue
warnings.

> 3) WebDAV does not offer password management (neither does FTP but I 
> mention it here to complete a basic feature list).

Typically password management is not part of an application protocol -- as
you point out, it's not part of FTP (nor is it part of IMAP, etc)

Instead, typically password management is an administrative function, which
means that it can either be done through an administration UI (not through
the application protocol) or through LDAP.  WebDAV can work with LDAP: e.g.
an administrator can create LDAP accounts and set passwords, then when users
try to log into the WebDAV server the WebDAV server queries the LDAP server
to see if the login should be allowed.  A number of universities are also
doing this already.  I can provide you with more details if you're
interested.

Good questions!
Lisa Dusseault
Received on Sunday, 29 June 2003 11:17:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:04 GMT