- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 03 Oct 2006 18:13:44 +0200
- To: Tim Olsen <tolsen718@gmail.com>
- CC: w3c-dist-auth@w3.org
Tim Olsen wrote:
> On 10/3/06, Julian Reschke <julian.reschke@gmx.de> wrote:
>> Tim Olsen wrote:
>> > Let's say I do an infinite-depth copy on /CollX to /CollY, and I have
>> > read permission on Collection C1, but not on Resource R1. In my
>> > multistatus response, do I have to specify a 401 for each URL for
>> > Resource R1 (/CollX/x.gif and /CollX/y.gif), or for just one of them?
>>
>> Independently of that question, it would be 403, right?
>
> I'm not sure. From HTTP/1.1:
>
> "If the request already included Authorization credentials, then the
> 401 response indicates that authorization has been refused for those
> credentials."
>
> Whereas for 403:
>
> "Authorization will not help and the request SHOULD NOT be repeated."
>
> So if you have the option of authenticating with different credentials
> which may have the proper permissions, then I guess 401 is
> appropriate?

Yes, it seems you are right. Of course that may be hard to detect on the server...
Received on Tuesday, 3 October 2006 16:13:58 UTC