RE: ISSUE: MUST a client wait for 100 when doing PUT or POST requests? from Wingard, Steve on 1997-06-10 (ietf-http-wg@w3.org from April to June 1997)

From: Wingard, Steve <swingard@spyglass.com>
Date: Tue, 10 Jun 1997 18:13:09 -0500
To: 'John Franks' <john@math.nwu.edu>, 'Scott Lawrence' <lawrence@agranat.com>
Cc: "'http-wg@cuckoo.hpl.hp.com'" <http-wg@cuckoo.hpl.hp.com>
Message-Id: <c=US%a=_%p=Spyglass%l=SPYBEM01-970610231309Z-24324@spybem01.nap.spyglass.com>

On Tuesday, June 10, 1997 5:28 PM, John Franks [SMTP:john@math.nwu.edu]
wrote:
> 
> It must be an *extremely* rare case that 1) a form requires
> authentication, 2) the response requires authentication, and 3) the
> authentication credentials for 1) and 2) are different!

Not necessarily "extremely" rare.  Embedded configuration
interfaces (which Scott used as an example) are probably
the most common case today -- access to VIEW a form detailing
the configuration or status of a printer may be granted to a
fairly wide (but not universal) audience.  But the group of
people that are actually allowed to MODIFY that configuration
by submitting the form with new values would be much smaller.
Using different realms for "view" vs. "set" is a very straightforward
way to accomplish this.

Steve Wingard
Spyglass

Received on Tuesday, 10 June 1997 16:49:47 UTC