W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1996

RE: POST vs. separate methods

From: Yaron Goland <yarong@microsoft.com>
Date: Sun, 3 Nov 1996 15:56:38 -0800
Message-ID: <c=US%a=_%p=msft%l=RED-44-MSG-961103235638Z-11721@INET-02-IMC.microsoft.com>
To: "'Roy T. Fielding'" <fielding@liege.ICS.UCI.EDU>, "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
I have discussed this off line with Roy and frankly I think this is a
religious issue. Roy and I have fundamentally different visions of what
HTTP should become. As with the attributes discussion, I do not believe
this issue can resolved on this list in anything like a reasonable
amount of time. This is another issue that should be dealt with at the
November conference.

I realize that pushing stuff off to November sounds like whimping out
but I have seen these discussions roll on in e-mail and they take
forever and rarely resolve themselves. It is only when you get people in
a room that you can get any kind of resolution. These issues are too
fundamental to be argued out on an e-mail list.


>-----Original Message-----
>From:	Roy T. Fielding [SMTP:fielding@liege.ICS.UCI.EDU]
>Sent:	Saturday, November 02, 1996 3:53 AM
>To:	w3c-dist-auth@w3.org
>Subject:	Re: POST vs. separate methods 
>> The issue is change control: once you define the semantics of a new
>> method, there's little or no way to change it or update it. Adding new
>> methods is currently (intentionally) difficult. PEP might make it
>> easier, but I'll believe in PEP when I see more progress on it. 
>> On the other hand, there's a well defined mechanism for defining,
>> modifying, agreeing on, registering new media types.
>> So "POST with new media type" isn't equivalent to "new method" in the
>> important dimension of "what happens if we get it wrong".
>I'll disagree with Larry and Yaron on this one -- there is a giant difference
>between using media types to define the intended action and using methods
>to define the intended action.
>  a) access control is based on methods, not media types.  It is true that
>     you could change all WWW software and HTTP semantics such that you
>     could do access control via media types, but there had better be a
>     damn good reason for it [I haven't seen any yet].
>  b) the HTTP interface is designed to be capable of being the interface
>     to a general object store, where the method really is an OO method
>     to be applied to an object.  For a variety of reasons, it is better
>     to have separate names for separate semantics, rather than a single
>     name for all method calls and having the object determine the
>     semantics by some case-based switch on one of the parameters.
>I'll also disagree with Larry on the notion of media types being any
>easier to change than methods.  Anybody ever try to change
>     application/x-www-form-urlencoded
>(the media type used by default in WWW form-based entry)?  That was an
>incredibly poor design decision, known from the start, and yet we still
>can't get rid of it.
>I personally would rather have the definition of standard methods go through
>the RFC process; non-standard methods don't have to go through any process.
>As an implementer, it is easier (and better) to add support for a new method
>to the Apache server than it is to add access control by media type.
>If you get it wrong, just change the method name.
Received on Sunday, 3 November 1996 18:56:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:09 UTC