W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2008

Re: I-D Action:draft-reschke-webdav-post-00.txt

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 01 Oct 2008 16:45:11 +0200
Message-ID: <48E38CF7.3040303@gmx.de>
To: WebDAV <w3c-dist-auth@w3.org>

Ok,

I have a new version ready that (hopefully) addresses all points that 
have been raised so far. See

	<http://greenbytes.de/tech/webdav/draft-reschke-webdav-post-latest.html>

BR, Julian (planning to submit it tomorrow as -01)


Cyrus Daboo wrote:
> 
> Hi Julian,
> 
> --On September 23, 2008 5:46:12 PM +0200 Julian Reschke 
> <julian.reschke@gmx.de> wrote:
> 
>>> "When a server supports WebDAV ACL [RFC3744], the DAV:bind privilege is
>>> required to be granted on the collection resource in which the new
>>> member resource is being created. If this privilege is denied or not
>>> present, the POST request MUST fail."
>>
>> Yes, although I'd move that into a "Relation to WebDAV ACL" section.
>>
>>> Another question: there is no restriction on what p:add-member URI can
>>> be? e.g. if I have the collection "/a/b/" can the p:add-member be
>>> another resource entirely, e.g. "/a/use-c-to-create-in-b/"? If this is
>>
>> I thought that was already clear; maybe I should have chosen a different
>> URI :-)
> 
> A couple of different examples would help make it clear.
> 
>>> possible it should be called out, as the behavior might be somewhat
>>> unexpected for clients. It might even be the case that the p:add-member
>>> URI is on a different server (e.g. new member items in a collection need
>>> "approval" from some other service). The interaction with WebDAV ACL in
>>
>> It seems that that kind of redirection would need a different mechanism.
>> Let's not make things more complicated than they need to be.
> 
> OK, then let's explicitly state that the add-member URI must not be on a 
> different server.
> 
>>> this case would need to be clear - i.e. what privileges are required on
>>> the p:add-member URI?
>>
>> I think it would be sufficient to state the ACL requirements in terms of
>> DAV:bind on the "real" collection. The add-member URI in general could me
>> a non-WebDAV resource, so talking about WebDAV ACLs really doesn't make
>> sense here.
> 
> OK, makes sense.
> 
Received on Wednesday, 1 October 2008 14:45:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:16 GMT