W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2006

Re: multistatus and BIND

From: Tim Olsen <tolsen718@gmail.com>
Date: Tue, 3 Oct 2006 10:47:30 -0400
Message-ID: <4be80d840610030747gb5224f0nd82815d84e6dbf45@mail.gmail.com>
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: w3c-dist-auth@w3.org

On 10/3/06, Julian Reschke <julian.reschke@gmx.de> wrote:
> Tim Olsen schrieb:
> > Let's say I do an infinite-depth copy on /CollX to /CollY, and I have
> > read permission on Collection C1, but not on Resource R1.  In my
> > multistatus response, do I have to specify a 401 for each URL for
> > Resource R1 (/CollX/x.gif and /CollX/y.gif), or for just one of them?
>
> Independently of that question, it would be 403, right?

I'm not sure.  From HTTP/1.1 :

"If the request already included Authorization credentials, then the
401 response indicates that authorization has been refused for those
credentials."

Whereas for 403:

"Authorization will not help and the request SHOULD NOT be repeated."

So if you have the option of authenticating with different credentials
which may have the proper permissions, then I guess 401 is
appropriate?

thanks,
Tim
Received on Tuesday, 3 October 2006 14:47:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT