W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2004


From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 11 Jul 2004 13:07:21 +0200
Message-ID: <40F11F69.6070205@gmx.de>
To: Jason Crawford <ccjason@us.ibm.com>
Cc: w3c-dist-auth@w3.org

Jason Crawford wrote:

> Julian, I can't tell from this what you are recommending a server return 
> if (1) a bad token is provided  or (2) no token is provided.  Could you 
> please resumarize your conclusions?

(1) Would be a violation of the precondition DAV:lock-token-matches 
and thus would cause a 4xx status with DAV:error/DAV:lock-token-matches. 
The most appropriate 4xx code here seems to be 403 (as there doesn't 
seem to be a way to change the state of the resource in a way that the 
same request would succeed).

(2) Is a violation of the request syntax (which requires a Lock-Token 
header), thus would result in a plain 400. We *could* add a specific 
precondition name for that, but that seems to me like over-engineering.

Anyway, clients MUST be able to properly handle all kinds of 4xx status 
codes in a robust manner; so I think it's a bad idea to write specs in a 
way that suggest that certain other 4xx codes will never occur. Clients 
that are really interested in why the request failed can get far more 
reliable information by inspecting the DAV:error message body.

Best regards, Julian

(note that because I closed the issue in version -03 of my draft, the 
issue entry now has moved to 

<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Sunday, 11 July 2004 07:07:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:30 UTC