W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 18] no record of consensus for force-authenticate

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 19 Oct 2005 00:44:47 +0200
Message-ID: <43557ADF.2070801@gmx.de>
To: Jim Whitehead <ejw@soe.ucsc.edu>
CC: WebDav <w3c-dist-auth@w3.org>

Jim Whitehead wrote:
> I support a solution along the lines of force-authenticate. There are  
> many times when a client would like to validate its ability to  perform 
> actions against a resource before performing an expensive  network 
> operation against that resource.

I don't argue that. The last time the WG (ie, the mailing list) 
discussed this, the consensus was to use an If header that would be 
known to fail. There is no written record of what we discussed later at 
the face to face meeting, and I frankly can't remember. So this is a 
process issue -- if it's supposed to become part of WebDAV, it has to 
make it through the process of (1) define what the problem is, then (2) 
find a WG consensus of how to resolve this. "Force-Authenticate" may 
very well be the solution.

Then again, if we want to *progress* in the standards ladder, I don't 
think we can put in a MUST-level requirement that hasn't been 
implemented by anybody although it has been in the draft for 2,5 years. 
If we're satisfied in just revising the spec at the same standards 
level, that's a different story (but then we should apply the same 
metrics to other things we're talking about, such as preserving 
namespace prefixes in properties which has at least *one* implementation).

> Julian--I don't think lack of implementation is a sufficient counter- 
> argument. Why do you think that this feature hasn't been implemented  
> (why haven't you implemented it, for example?)

We didn't implement it because

(1) no client asked for it and

(2) our server doesn't support non-authenticated access anyway.

On the other hand, Lisa has been working for a vendor that sells both 
servers and clients, so I'd be really interested to hear why it wasn't 
implemented over there? Maybe it's not that essential after all?

This really smells like a nice-to-have, in which case it certainly 
doesn't belong into a "Draft" revision of RFC2518bis.

Best regards, Julian
Received on Tuesday, 18 October 2005 22:44:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC