- From: Scott Lawrence <scott@skrb.org>
- Date: Thu, 17 Feb 2005 13:07:14 -0500
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Cyrus Daboo <daboo@isamet.com>, Jamie Lokier <jamie@shareable.org>, Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>
On Thu, 2005-02-17 at 18:19 +0100, Julian Reschke wrote: > > The WebDAV rfc has the following statement in it in Section 5.3 as a > > justification for creating a new method (MKCOL in this case) rather than > > using a special POST operation: > > > >> While the POST method is sufficiently open-ended that a "create a > >> collection" POST command could be constructed, this is undesirable > >> because it would be difficult to separate access control for > >> collection creation from other uses of POST. That statement misses the point - it may be true that it's difficult to express the access control based just on the method, but that doesn't mean that it's difficult to implement appropriate access control in either the client or the server. The method alone does not specify the operation - indeed, in the case of POST the full specification of the operation is deliberately expanded to include the body mime type and the body content. I don't think you've shown how what you're trying to do is any different from what POST has always done. -- Scott Lawrence <scott@skrb.org> http://skrb.org/scott/
Received on Thursday, 17 February 2005 18:07:16 UTC