[Bug 144] IF_HEADER_CHECKS_AFTER_OTHER_CHECKS from bugzilla@soe.ucsc.edu on 2005-12-14 (w3c-dist-auth@w3.org from October to December 2005)

From: <bugzilla@soe.ucsc.edu>
Date: Wed, 14 Dec 2005 10:53:05 -0800
To: w3c-dist-auth@w3.org
Message-Id: <200512141853.jBEIr5jP025010@ietf.cse.ucsc.edu>

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=144

ejw@cs.ucsc.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|joe-bugzilla@cursive.net    |lisa@osafoundation.org



------- Additional Comments From ejw@cs.ucsc.edu  2005-12-14 10:53 -------
Discussed during 12/14/05 teleconference.

Agreement on the call:

* Should add a statement that authentication and authorization MUST be performed
prior to evaluating If header. Evaluating the If header first might allow a
client to discover information about the resource that he wouldn't ordinarily be
able to find out without privileges. For example, a client could discover
whether a resource exists, or has changed. Text to be added to the If header
section.

* There didn't seem to be a compelling reason to have If evaluated before/after
If-Match, and hence no text needs to be added here.




------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Received on Wednesday, 14 December 2005 18:53:57 UTC