W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: ISSUE-18: Is JSONRequest an acceptable alternative to the current model? [Access Control]

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 04 Jan 2008 20:04:12 +0100
To: "Jon Ferraiolo" <jferrai@us.ibm.com>
Cc: "Web Application Formats Working Group WG" <public-appformats@w3.org>
Message-ID: <op.t4e5xabe64w2qv@annevk-t60.oslo.opera.com>

On Fri, 04 Jan 2008 19:42:03 +0100, Jon Ferraiolo <jferrai@us.ibm.com>  
> It is true that the web developer might choose to put the access control
> information within XML content via a PI  entity body might hold an access
> control PI. In that case, the only way to go is GET. However, for non-XML
> workflows such as JSON (and that's what the Ajax guys are focused on  
> these
> days), then they have to use the HTTP header approach, in which case HEAD
> is the preferred way to go if all you want to do is determine if POST is
> allowed and you don't want a content block sent back to the client.

For the authorization request format details don't matter. Even if you use  
JSON you could still use XML for the authorizatoin request response. That  
response could also have an empty entity body in which case there's not  
really any noticeable difference.

Anne van Kesteren
Received on Friday, 4 January 2008 19:06:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC