March 8 Internet Draft of HTTP/1.0

Summary: Need input on how to handle setting realm of new entity
         and allowed methods within a realm.

I have implemented a HTTP server that implements all
methods described in the draft.  I am currently facing
some difficulty in deciding how best to handle the
notion of access permissions in the server.

The server maintains notional "user" accounts, which
do not have equal access to the document tree.  The server
uses a different realm for each user, as well as a "public"

The problem is that when a user does a PUT, they need to
be able to specify in what realm(s) they want the document

This gets hairier with regards to the user doing a PUT on
a document that they want to be available to the public for GET
or HEAD, but to only be "writable" by themselves via PUT.

In the short run, I am implementing what I need via an extended

  X-Access: "public"=GH "user12345"=*

Where "public" and "user12345" are realms, and "GH" and "*" correspond
to a terse form of allowed methods (G,H,P,O,L,U,D, or * for all)

It seems to me that this sort of issue is relevant to the HTTP,
because the implementation of realms in the current spec seems biased
towards retrieval, and there is no mention of it with regards to
document creation.

I desperately need advice on this subject, because I want to make
sure that I don't stray too far from the defined protocol spec.

Thanks in advance,


Roger Gonzalez                    Net Info Corporation                     56 Rogers Street
home   (617) 863-0705             Cambridge, MA 02142
mobile (617) 755-0635             work (617) 868-8600

60 09 3A EE FE 6A 1E CC   -pgp-   B7 F7 6B 0F 00 1D 01 C7 

Received on Tuesday, 6 June 1995 07:58:11 UTC