Re: [Bug 12] Destination header "consistent" from Lisa Dusseault on 2005-10-28 (w3c-dist-auth@w3.org from October to December 2005)

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Fri, 28 Oct 2005 14:17:46 -0700
To: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
Cc: Jim Whitehead <ejw@soe.ucsc.edu>, Julian Reschke <julian.reschke@gmx.de>, WebDav <w3c-dist-auth@w3.org>, w3c-dist-auth-request@w3.org
Message-Id: <08b7ad41a9538f6fdbcf304404910853@osafoundation.org>

Well I do agree on removing this section, and that supporting Location 
with 207 responses isn't necessary.   That means there's some text 
early in section 12 that can go away, as well.

However, without those pieces of text, the use of the Location header 
with 207 responses becomes undefined, and that always makes me feel 
uncomfortable.    Server implementors won't know for sure if they can 
use the Location header, it seems logical that it might work but as 
we've seen there are some subtleties in how the client might interpret 
that.  Clients are probably not prepared to handle it.  So I propose 
that we include text to be clear that the Location header SHOULD NOT 
appear in certain responses.

I'm sensitive to the worry of preventing extensions but surely there's 
some way of dealing with that.  An extension can override "SHOULD" 
level requirements, or we could come up with some "exception" 
language... as in "servers SHOULD NOT return a Location header in these 
responses unless the client has some way to interpret that header."

Lisa

On Oct 27, 2005, at 8:17 PM, Geoffrey M Clemm wrote:

>
> +1
>
> w3c-dist-auth-request@w3.org wrote on 10/27/2005 07:50:06 PM:
>
>  >
>  > >
>  >
>  > Julian writes:
>  > > Back to this issue:
>  > >
>  > > 1) I'm not aware of any interop problems.
>  > >
>  > > 2) I'm not aware of anybody having asked about this.
>  > >
>  > > 3) I don't see any benefit in RFC2518bis making statements about  
>  > > this, even if we *did* agree on what to say
>  >
>  > I have just read through this entire thread, and I agree with his  
>  > statement above, and the conclusion Julian reached in:
>  > 
> http://lists.w3.org/Archives/Public/w3c-dist-auth/2005OctDec/0294.html
>  >
>  > Specifically:
>  >
>  > * I don't think there is a compelling need to disallow Location and 
> 207
>  > * I don't think we need any special mechanism for handling 3xx 
> within  
>  > a PROPFIND
>  > * I think it's fine if a client needs to retry a PROPFIND request 
> if  
>  > it receives a 3xx response
>  >
>  > I feel a slight desire to add a 3xx response to one of the PROPFIND 
>  
>  > 207 response examples in the text, but could live without it.
>  >
>  > Unless others chime in, I think we're seeing rough consensus for  
>  > removing the current 8.1.3, whose text is described in Bug 12 
> within  
>  > Bugzilla:
>  > http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=12
>  >
>  > - Jim
>  >
>  >
>  >
>  >

Attachments

text/enriched attachment: stored

Received on Friday, 28 October 2005 21:18:04 UTC