Re: ldp-ISSUE-93 (AcceptLevels): Accept and Auth [Linked Data Platform Spec]

My 2 cents. I think it is useful that GET returns method tokens in the
Accept header, but I don't know whether it SHOULD versus MUST. Perhaps
because it is MUST for HTTP OPTIONS, it should only be SHOULD for GET. It
wouldn't matter to me personally either way. What *does* matter to me is
the second question regarding authorization level. For our implementation,
it is very useful that the methods returned per the given resource are
dependent on the user's authorization level.

Maybe we could say something like this:

"In cases where security access control is implemented, the method tokens
returned in the Accept header should reflect the access of the anonymous or
authenticated user making the request. For example, if the user has
read-only access to the given Resource, GET, OPTIONS, and HEAD may be
returned, but POST, PUT, and PATCH would be omitted."




On Wed, Jan 15, 2014 at 11:46 AM, Linked Data Platform (LDP) Working Group
Issue Tracker <sysbot+tracker@w3.org> wrote:

> ldp-ISSUE-93 (AcceptLevels): Accept and Auth [Linked Data Platform Spec]
>
> http://www.w3.org/2012/ldp/track/issues/93
>
> Raised by: Henry Story
> On product: Linked Data Platform Spec
>
> Question 1:
>
> Section 4.3.2 says the section on GET says:
> [[
> LDP servers must support the HTTP response headers defined in section 4.9
> HTTP OPTIONS.
> ]]
>
> Does this mean that GET SHOULD/MUST? also return the Accept headers?
> (I would not be against).
>
> Question 2:
>
> When the server responds with an Accept header are these the headers that
> the server would allow the client with its authentication level to be used
> or would this be with any authentication level?
> I think it should be the first, because otherwise any LDP server would
> presumably for every resource allow all methods. But if so could this be
> made more explicit in the spec?
>
>
>
>


-- 
Cody Burleson
Enterprise Web Architect, Base22
Mobile: +1 (214) 537-8782
Skype: codyburleson
Email: cody@base22.com
Blog: codyburleson.com


Received on Wednesday, 15 January 2014 18:28:59 UTC
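
The behaviour proposed in the message above (advertised method tokens depend on the requester's access), as an added example that is not part of the original thread or of any LDP implementation. It assumes a hypothetical read/write ACL model and sample paths and users, and it emits the tokens in HTTP's `Allow` header; the same function drives both the advertised list and the enforcement decision so the two cannot drift apart.

```python
# Added example: hypothetical ACL model, not from the LDP spec or any server.
READ_METHODS = ("GET", "HEAD", "OPTIONS")
WRITE_METHODS = ("POST", "PUT", "PATCH")
ANONYMOUS = None  # sentinel for an unauthenticated request

# Constructed sample ACL: resource path -> {principal: granted modes}
SAMPLE_ACL = {
    "/containers/public/": {ANONYMOUS: {"read"}, "alice": {"read", "write"}},
    "/containers/private/": {"alice": {"read", "write"}, "bob": {"read"}},
}

def modes_for(acl, resource, user):
    """Union of anonymous grants and the user's own grants on a resource."""
    entries = acl.get(resource, {})
    modes = set(entries.get(ANONYMOUS, ()))  # anonymous grants apply to everyone
    if user is not ANONYMOUS:
        modes |= entries.get(user, set())
    return modes

def allowed_methods(acl, resource, user):
    """Method tokens to advertise for this requester on this resource."""
    modes = modes_for(acl, resource, user)
    methods = []
    if "read" in modes:
        methods += READ_METHODS
    if "write" in modes:
        methods += WRITE_METHODS
    return methods

def handle(acl, resource, user, method):
    """Return (status, headers); the advertised list is also the enforced list."""
    methods = allowed_methods(acl, resource, user)
    denied = 401 if user is ANONYMOUS else 403
    if not methods:
        return denied, {}  # no access at all: advertise nothing
    headers = {"Allow": ", ".join(methods)}
    if method not in methods:
        # Unknown method -> 405; known method the requester lacks -> 401/403
        known = method in READ_METHODS + WRITE_METHODS
        return (denied if known else 405), headers
    return 200, headers
```

The header is advisory to clients; the access decision in `handle` is what protects the resource.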