W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: ISSUE-18: Is JSONRequest an acceptable alternative to the current model? [Access Control]

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Fri, 4 Jan 2008 10:42:03 -0800
To: "Anne van Kesteren" <annevk@opera.com>
Cc: "Web Application Formats Working Group WG" <public-appformats@w3.org>
Message-ID: <OF0EA881BF.61D2B476-ON882573C6.00664A5D-882573C6.0066BA6C@us.ibm.com>

Anne,
It is true that the web developer might choose to put the access control
information within XML content via a PI  entity body might hold an access
control PI. In that case, the only way to go is GET. However, for non-XML
workflows such as JSON (and that's what the Ajax guys are focused on these
days), then they have to use the HTTP header approach, in which case HEAD
is the preferred way to go if all you want to do is determine if POST is
allowed and you don't want a content block sent back to the client.

Jon






                                                                           
             "Anne van                                                     
             Kesteren"                                                     
             <annevk@opera.com                                          To 
             >                         Jon Ferraiolo/Menlo Park/IBM@IBMUS, 
                                       "Web Application Formats Working    
             01/04/2008 10:29          Group WG"                           
             AM                        <public-appformats@w3.org>          
                                                                        cc 
                                                                           
                                                                   Subject 
                                       Re: ISSUE-18: Is JSONRequest an     
                                       acceptable alternative to the       
                                       current model?  [Access  Control]   
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




On Fri, 04 Jan 2008 19:15:32 +0100, Jon Ferraiolo <jferrai@us.ibm.com>
wrote:
> Based on what Kris says above, it seems to me that both HEAD and GET need
> to be supported in order to comply with the HTTP spec.

It seems that Kris was not aware that the entity body of the response is
significant and that therefore there is a difference. I mentioned this in
my earlier reply to you.


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

graycol.gif
(image/gif attachment: graycol.gif)

pic28524.gif
(image/gif attachment: pic28524.gif)

ecblank.gif
(image/gif attachment: ecblank.gif)

Received on Friday, 4 January 2008 18:45:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC