- From: Tim Olsen <tolsen718@gmail.com>
- Date: Tue, 3 Oct 2006 10:47:30 -0400
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: w3c-dist-auth@w3.org
On 10/3/06, Julian Reschke <julian.reschke@gmx.de> wrote: > Tim Olsen schrieb: > > Let's say I do an infinite-depth copy on /CollX to /CollY, and I have > > read permission on Collection C1, but not on Resource R1. In my > > multistatus response, do I have to specify a 401 for each URL for > > Resource R1 (/CollX/x.gif and /CollX/y.gif), or for just one of them? > > Independently of that question, it would be 403, right? I'm not sure. From HTTP/1.1 : "If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials." Whereas for 403: "Authorization will not help and the request SHOULD NOT be repeated." So if you have the option of authenticating with different credentials which may have the proper permissions, then I guess 401 is appropriate? thanks, Tim
Received on Tuesday, 3 October 2006 14:47:48 UTC