- From: Cyrus Daboo <daboo@isamet.com>
- Date: Thu, 17 Feb 2005 17:03:53 +0000
- To: Jamie Lokier <jamie@shareable.org>, Julian Reschke <julian.reschke@gmx.de>
- cc: Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>
Hi Jamie, --On February 17, 2005 4:41:42 PM +0000 Jamie Lokier <jamie@shareable.org> wrote: >> No, it would be the container resource itself. For CalDav, the calendar >> collection; for Atompub, the feed resource itself. > > Why can't you POST to the container resource? > > That's what POST is for, after all. The WebDAV rfc has the following statement in it in Section 5.3 as a justification for creating a new method (MKCOL in this case) rather than using a special POST operation: > While the POST method is sufficiently open-ended that a "create a > collection" POST command could be constructed, this is undesirable > because it would be difficult to separate access control for > collection creation from other uses of POST. Wouldn't the same issue be relevant here? Interestingly the current WebDAV ACL document does not appear to mention POST at all - even in the 'Normative' Method Privilege Table in Appendix B. Is there a reason for that? Whatever solution we come up with it ideally needs to work seamlessly with WebDAV ACL. -- Cyrus Daboo
Received on Thursday, 17 February 2005 17:06:06 UTC