Re: BugZilla issue 213, PROPFIND:infinity from Wilfredo Sánchez Vega on 2006-02-04 (w3c-dist-auth@w3.org from January to March 2006)

From: Wilfredo Sánchez Vega <wsanchez@apple.com>
Date: Fri, 3 Feb 2006 18:52:32 -0800
To: Julian Reschke <julian.reschke@gmx.de>
Cc: WebDAV <w3c-dist-auth@w3.org>
Message-Id: <2327BC46-30FA-4748-8BF3-0F06AA567A90@apple.com>

   I could imagine a case where a server starts out by trying to  
honor the request, but if the depth level (or number of resources  
encountered, or whatever measure they use to judge the cost of this  
query) reaches some limit, it bails out and returns an error.

   I don't know if anyone does this now, but my server does honor  
depth: infinity at the moment and I was considering that sort of  
thing whenever the time comes that I need to reject such requests.

   As such, I'd like the spec to allow for me to reject depth:  
infinity requests for some but not all resources.  The old language  
seems to imply that I can either reject all or no such requests if I  
want to return a propfind-finite-depth error, though it's not really  
clear.  The proposed new language looks better, though perhaps "MAY  
be disabled" in 9.1 could be written as "MAY be disabled for some or  
all resources", or something similar.

	-wsv

On Feb 3, 2006, at 1:07 PM, Julian Reschke wrote:

>
> Hi,
>
> (see <http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=213>  
> for history).
>
> We discussed this issue during today's conference call, and the  
> remaining issue seems to be:
>
> If a server decides not to implement or support PROPFIND/ 
> Depth:infinity, is it allowed to do that generally (meaning that  
> any PROPFIND/Depth:infinity request will be rejected independently  
> of whether the resource at the request-URI is a collection, or the  
> collection happens to be "small"), or is it required to first check  
> that the Request-URI indeed identifies a collection, and the full  
> collection contents is indeed to expensive to return?
>
> I think the former represents what servers do today, and this means  
> clients can't rely on PROPFIND/Infinity support in any way. As a  
> matter of fact, I think clients cope with that already, and there's  
> really no problem in just stating this (AFAIK, Apache/moddav is  
> shipping configured that way).
>
> Requiring servers to check whether the resource is a collection,  
> and to decide on whether it would be too expensive to do seems like  
> an unrealistic requirement, because it may be almost as expensive  
> as executing the PROPFIND.
>
> Feedback appreciated,
>
> Julian
>

Received on Saturday, 4 February 2006 02:52:41 UTC