RE: Creation time of a version, Baseline-control stuff, diverse from Clemm, Geoff on 2002-04-21 (ietf-dav-versioning@w3.org from April to June 2002)

From: Clemm, Geoff <gclemm@rational.com>
Date: Sun, 21 Apr 2002 18:59:59 -0400
To: Edgar Schwarz <edgar@edgarschwarz.de>, Deltav WG <ietf-dav-versioning@w3.org>
Message-ID: <3906C56A7BD1F54593344C05BD1374B1069795C1@SUS-MA1IT01>

   From: Edgar Schwarz [mailto:edgar@edgarschwarz.de]

   In 12.6.1 we see:
   BASELINE-CONTROL
   baseline-control
	   href

   Shouldn't this be (See 12.6) ?
   BASELINE-CONTROL
   baseline-control
	   baseline
		   href


Egads!  It certainly should be.  I'll add that to the Errata.

   Then I'm looking for some reports.  First I would like to have
   information on a baseline. How can I get the list of versions and
   subbaselines ?

To get the list of versions, do a PROPFIND Depth:Infinity on the
DAV:baseline-collection of the baseline.  To get the subbaselines, get
the DAV:subbaseline-set property of the baseline.

   Second I want to have information on a configuration. This means
   state (checked-out, checked-in) and a list of VCRs, VCCs and their
   states.

To get the DAV:checked-in and DAV:checked-out properties of the
configuration, just PROPFIND the DAV:version-controlled-configuration
of any member of the configuration for those two properties.

What list of VCR's did you have in mind?  If it is all the VCR's that
are the member of the configuration, just PROPFIND Depth:Infinity
the root collection of the configuration for DAV:checked-in and
DAV:checked-out (any resource that has these properties is a VCR
that is a member of the configuration).  By VCC, did you mean
VCCn or VCCl?

   I also twice read negative things on WebDAV recently. It was
   considered a security risk.  But it wasn't clear whether WebDAV
   itself was the target or faulty implementations.  I hope ACL (which
   I didn't have the time to follow) will cure these problems.

These were negative comments about WebDAV appear to be derived from a
basic misunderstanding of the WebDAV design.  In particular, they
appear to assume WebDAV suffers from the same security problems as
protocols like SOAP that tunnel through POST.  WebDAV was specifically
designed to not have these problems (at non-trivial cost, since the
secure approach adopted by WebDAV creates problems with non-HTTP/1.1
compliant proxies), so it is rather frustrating for WebDAV to be
incorrectly singled out, instead of the protocols (like SOAP) that in
fact do have these problems.  Several of us have sent messages to the
authors of these incorrect statements, and hopefully they will be
retracted.

Cheers,
Geoff

Received on Sunday, 21 April 2002 19:00:48 UTC