Re: [Ietf-caldav] [Fwd: draft-reschke-http-addmember-00]

Scott Lawrence wrote:
> On Thu, 2005-02-17 at 19:39 +0100, Julian Reschke wrote:
> 
>>Scott Lawrence wrote:
>>
>>>That statement misses the point - it may be true that it's difficult to
>>>express the access control based just on the method, but that doesn't
>>>mean that it's difficult to implement appropriate access control in
>>>either the client or the server.  The method alone does not specify the
>>>operation - indeed, in the case of POST the full specification of the
>>>operation is deliberately expanded to include the body mime type and the
>>>body content.
>>>
>>>I don't think you've shown how what you're trying to do is any different
>>>from what POST has always done.
>>
>>It's a aubset with well-defined semantics. I consider this a feature.
> 
> 
> But you could just as easily and precisely define those semantics by
> using POST and defining the mime type and operations it supports.

In which case I couldn't use the content-type of my actual request body 
for the Content-Type request header, right?

> You won't get caught be firewalls and proxy servers that think they know
> better about what methods are legitimate (which you most assuredly will
> if you create a new method - ask the WebDav implementors), and you won't
> have changed the semantics of the method at all.

I am one of these WebDAV implementors, thanks. I haven't had any issues 
with issues for a long time.

Best regards, Julian

-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Thursday, 17 February 2005 20:35:47 UTC