March 8 Internet Draft of HTTP/1.0

--
Summary: Need input on how to handle setting realm of new entity
         and allowed methods within a realm.
--

I have implemented an HTTP server that implements all
methods described in the draft.  I am currently facing
some difficulty in deciding how best to handle the
notion of access permissions in the server.

The server maintains notional "user" accounts, which
do not have equal access to the document tree.  The server
uses a different realm for each user, as well as a "public"
realm.

The problem is that when a user does a PUT, they need to
be able to specify in what realm(s) they want the document
available.

This gets hairier with regards to the user doing a PUT on
a document that they want to be available to the public for GET
or HEAD, but to only be "writable" by themselves via PUT.

In the short run, I am implementing what I need via an extended
header:

  X-Access: "public"=GH "user12345"=*

Where "public" and "user12345" are realms, and "GH" and "*" correspond
to a terse form of allowed methods (G,H,P,O,L,U,D, or * for all).

It seems to me that this sort of issue is relevant to the HTTP,
because the implementation of realms in the current spec seems biased
towards retrieval, and there is no mention of it with regards to
document creation.

I desperately need advice on this subject, because I want to make
sure that I don't stray too far from the defined protocol spec.

Thanks in advance,

-Roger

Roger Gonzalez                    Net Info Corporation
rg@server.net                     56 Rogers Street
home   (617) 863-0705             Cambridge, MA 02142
mobile (617) 755-0635             work (617) 868-8600



60 09 3A EE FE 6A 1E CC   -pgp-   B7 F7 6B 0F 00 1D 01 C7 

Received on Tuesday, 6 June 1995 07:58:11 UTC
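
Added example, not part of the original message or the author's server: a strict parser for the X-Access value shown in the message, with a default-deny authorization check. The letter-to-method mapping (P=PUT, O=POST, L=LINK, U=UNLINK, D=DELETE), the function names, and the rule that realm names contain no whitespace are assumptions; the message lists the letters without defining them.

```python
import re

# Assumed mapping: the message lists these letters but does not define them.
METHOD_CODES = {"G": "GET", "H": "HEAD", "P": "PUT", "O": "POST",
                "L": "LINK", "U": "UNLINK", "D": "DELETE"}
ALL_METHODS = frozenset(METHOD_CODES.values())

# One entry: a quoted realm (assumed to contain no whitespace), '=', codes or '*'.
_ENTRY = re.compile(r'"([^"\s]+)"=(\*|[A-Z]+)')


def parse_x_access(value):
    """Parse an X-Access value into {realm: frozenset(methods)}.

    Raises ValueError on anything malformed, so the server can refuse the PUT
    instead of storing a document under a partly understood policy.
    """
    tokens = value.split()
    if not tokens:
        raise ValueError("empty X-Access value")
    acl = {}
    for token in tokens:
        match = _ENTRY.fullmatch(token)
        if match is None:
            raise ValueError(f"malformed entry: {token!r}")
        realm, codes = match.groups()
        if realm in acl:
            # Two grants for one realm are ambiguous; reject rather than merge.
            raise ValueError(f"duplicate realm: {realm!r}")
        if codes == "*":
            acl[realm] = ALL_METHODS
            continue
        unknown = set(codes).difference(METHOD_CODES)
        if unknown:
            raise ValueError(f"unknown method code(s): {sorted(unknown)}")
        acl[realm] = frozenset(METHOD_CODES[c] for c in codes)
    return acl


def is_allowed(acl, method, realms):
    """Default deny: allow only if a realm the requester holds grants the method."""
    return any(method in acl.get(realm, frozenset()) for realm in realms)


# Constructed sample: the header value quoted in the message.
SAMPLE = '"public"=GH "user12345"=*'
```

An unauthenticated requester would be checked with realms=["public"]; an authenticated one with "public" plus their own realm.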