- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 26 Jun 2018 11:29:27 -0700
- To: Дилян Палаузов <dilyan.palauzov@aegee.org>
- Cc: ietf-http-wg@w3.org

> On Jun 25, 2018, at 4:53 PM, Дилян Палаузов <dilyan.palauzov@aegee.org> wrote:
>
> Hello,
>
> how is Allow: different from WebDAV ACL "DAV:current-user-privilege-set"
> [ https://tools.ietf.org/html/rfc3744#section-5.4 ]:
> "DAV:current-user-privilege-set is a protected property containing the
> exact set of privileges (as computed by the server) granted to the
> currently authenticated HTTP user."?

They have completely different definitions for different purposes.

> The WebDav privileges can also change depending on the time of the day,
> or have different effective permissions being called from laptop or
> watch, or use other means to authenticate, after the PROPFIND for the
> resource was called.
>
> Why does it make sense to return DAV:unbind depending on the
> authentication, but not Allow: DELETE under the same conditions?

Because, regardless of its name, Allow has nothing to do with authentication unless a given resource chooses to make it so.

To be clear, we are talking about historical artifacts that have a specific, defined meaning. Whether or not those meanings are consistent among two entirely different features of entirely different specifications is not even remotely open to debate at this point. Nor is it a question of logic, sense, or even what might be more useful. These are already-defined terms in an already-deployed language.

....Roy

Received on Tuesday, 26 June 2018 18:30:17 UTC