W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2005

Re: [Ietf-caldav] [Fwd: draft-reschke-http-addmember-00]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 17 Feb 2005 18:19:35 +0100
Message-ID: <4214D227.9020607@gmx.de>
To: Cyrus Daboo <daboo@isamet.com>
CC: Jamie Lokier <jamie@shareable.org>, Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>

Cyrus Daboo wrote:
> Hi Jamie,
> 
> --On February 17, 2005 4:41:42 PM +0000 Jamie Lokier 
> <jamie@shareable.org> wrote:
> 
>>> No, it would be the container resource itself. For CalDav, the calendar
>>> collection; for Atompub, the feed resource itself.
>>
>>
>> Why can't you POST to the container resource?
>>
>> That's what POST is for, after all.
> 
> 
> The WebDAV rfc has the following statement in it in Section 5.3 as a 
> justification for creating a new method (MKCOL in this case) rather than 
> using a special POST operation:
> 
>>    While the POST method is sufficiently open-ended that a "create a
>>    collection" POST command could be constructed, this is undesirable
>>    because it would be difficult to separate access control for
>>    collection creation from other uses of POST.
> 
> 
> Wouldn't the same issue be relevant here?
> 
> Interestingly the current WebDAV ACL document does not appear to mention 
> POST at all - even in the 'Normative' Method Privilege Table in Appendix 
> B. Is there a reason for that?

Yes. As you can do anything with POST, it's impossible to state what 
privileges you'll need.

> Whatever solution we come up with it ideally needs to work seamlessly 
> with WebDAV ACL.

That would be preferrable.

Best regards, Julian

-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Thursday, 17 February 2005 17:20:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:07 GMT