W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: Review of RFC2518bis pre-draft

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 10 Dec 2005 16:03:16 +0100
Message-ID: <439AEE34.2050604@gmx.de>
To: WebDAV <w3c-dist-auth@w3.org>

Elias Sinderson wrote:
>> 3. Terminology
>> Inconsistent typography (":" vs "-")
> Fixed.


>> "A URI mapping can be thought of as a URL pointing to a resource."
>> I'm not sure what this is supposed to mean. Please remove it or clarify.
> Removed.


>> 7.6  Write Locks and Unmapped URLs
>>    A successful lock request to an unmapped URL MUST result in the
>>    creation of an locked resource with empty content.  Subsequently, a
>>    successful PUT request (with the correct lock token) provides the
>>    content for the resource, and the server MUST also use the content-
>>    type and content-language information from this request.
>> Making this a MUST creates a conflict with an upcoming TAG finding by 
>> Roy Fielding.
> Discussion needed; created new bugzilla issue.

Done: <http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=205>

>> 8.2.6 Example - Using 'allprop' to Retrieve Dead Properties and 
>> RFC2518 Properties
>> Nits:
>> - move it back where it was in RFC2518
>> - avoid the term RFC2158 properties in the title
> Renamed; brief explanatory note added.

It would be nice if it also could be moved back to where it was in 
RFC2518 in order to avoid needless diffs.

>> - XML in example to be fixed, for instance whitespace in 
>> D:getlastmodified
> Fixed the example. However, since DAV:get* properties are based upon 
> definitions made in rfc2616, LWS may be found in some implementations -- 
> explanatory text added to section 14.

a) the date doesn't use rfc1123 syntax

b) I object to that change, LWS is not part of the value of the header, 
that is whitespace is not allowed here (any evidence of a server adding 
this???). Do I need to open an issue for that?

>> - intra-doc reference to Section 13 is incorrect
> Fixed.


>> 8.3.1 [...] (2nd sentence) Again, this is correct, but
>> a) doesn't really need to be mentioned,
>> b) but if is mentioned, then using MUST is incorrect here. [...]
> 2nd sentence left in, with MUST removed.


>> 8.7  DELETE [...] This is still a lame way to introduce DELETE.  [...]
>> 8.9.5  Status Codes [...] 403 (Forbidden) [...] Confusing. Servers may 
>> treat this as a nop, just returning 200. Just be silent about it.
> Discussed this but left the text in, as the semantics were defined in 
> 2518 (see similar comment below).

Well, it was mentioned, but the spec never contained a requirement for 
servers to reject this.

>> 8.10.4  Status Codes
>>    204 (No Content) - [...] Sentence broken [...]
> Rewrote text to clarify 204 and 201.


>>    403 (Forbidden) [...] And being source and destination identical 
>> would be a problem exactly why?
> Semantics defined in 2518, left alone as a change could compromise 
> resource identity (e.g. creation date may change, corruption of version 
> history, etc.).

I don't buy that rational, because that would just mean that the server 
did what the client told him to do. In particular, the version history 
would not be corrupted nor removed (see RFC3253 COPY semantics).

>> 12.1  Response headers [...] This section doesn't provide any useful 
>> information. In particular, the second sentence seems to be completely 
>> out of context.
> Rewrote this section (originally added following discussion of issue 
> 47). Second sentence has been removed.

It now says:

    HTTP defines the Location header to indicate a preferred URL for the
    resource that was addressed in the Request-URI (e.g. in response to
    successful PUT requests or in redirect responses).  However, use of
    this header creates ambiguity when there are URLs in the body of the
    response, as with Multi-Status.  Thus, use of the Location header
    with the Multi-Status response is intentionally undefined.

I still don't understand this. How does the presence of a Location 
header create an ambiguity here? The URLs in the response mean exactly 
what this spec defines them to mean, and there is absolutely no 
ambiguity here.

I'd also like to point out that we've been wasting an incredible amount 
of time undoing a change that was meant to talk about the 
"Content-Location" header, not "Location". As far as I can tell, nobody 
has asked questions about "Location" until I asked why it was put in 
without prior discussion, and I fail to see how this addition makes this 
a better spec. Please remove it.

>> 12.2  URL handling [...]
> Rewrote most of this section, incorporating some of your proposed text, 
> and paying attention to RFC3986 language -- please review.

Now says:

12.2  URL Handling

    A Multi-Status body contains one or more 'response' elements.  Each

Zero or more.

    response element describes a resource, and has an 'href' element
    identifying the resource.  The 'href' element MUST contain an
    absolute URI or relative reference.  It MUST NOT include "." or ".."
    as path elements.

It would be helpful if this would refer to the sections of RFC3986 
defining this terms. In particular, I fail to see why we are now 
restricted to "absolute-URI" instead of "URI". Also note that 
"URI-reference" means "URI / relative-ref", so we could use just that.

    If a 'href' element contains a relative reference, it MUST be
    resolved against the Request-URI.  A relative reference MUST be an
    absolute path (note that clients are not known to support relative

Again, a reference to the right places in RFC3986 grammar seems to be 

    Identifiers for collections appearing in the results SHOULD end in a
    '/' character.

    If a server allows resource names to include characters that aren't
    legal in HTTP URL paths, these characters must be percent-encoded on

Why restrict to HTTP URL?

    the wire (see [RFC3986], section 2.1).  For example, it is illegal to
    use a space character or double-quote in a URI.  URIs appearing in
    PROPFIND or PROPPATCH XML bodies (or other XML marshalling defined in
    this specification) are still subject to all URI rules, including
    forbidden characters.

The last sentence doesn't seem to be useful; what we're saying here 
applies to all uses of multistatus bodies, including error responses, or 
extensions (REPORT...).

>> 12.3  Handling redirected child resources [...]  Sounds like "We don't 
>> care what servers do".
> After some discussion, we now care and have rewritten the last sentence.

Great. It now says:

12.3  Handling redirected child resources

    Redirect responses (300-303, 305 and 307) defined in HTTP 1.1
    normally take a Location header to indicate the new URI for the
    single resource redirected from the Request-URI.  Multi-Status
    responses contain many resource addresses, but the original
    definition in RFC2518 did not have any place for the server to
    provide the new URI for redirected resources.  This specification
    does define a 'location' element for this information (see
    Section 13.9).  Servers MUST use this new element with redirect
    responses in Multi-Status.

I think the last two sentences belong into the Changes appendix, not here.

  >> 19.7  Risks Connected with Lock Tokens [...]
> Proposed text inserted with a couple of tweaks (title of RFC, version / 
> variant language, and minor wordsmithing introducing the list).

Still :-)

1) Says "Variant x UUID" when it should say "Version x UUID"

2) Misses the statement "Since a WebDAV server will issue many locks 
over its lifetime, the implication is that it may also be publicly 
exposing its IEEE 802 address.". Why?

>> 22.1 Normative References [...]
> Reference to 2518 moved to informative references.

Thanks. I just noted that the XML Infoset reference appears under 
"informative", but that is indeed normative. But we're still discussing 
the "property value" proposal, based on what's in BugZilla 
(<http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=10>), right?

Best regards, Julian
Received on Saturday, 10 December 2005 15:04:57 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:34 UTC