- From: Gregory J. Woodhouse <gjw@wnetc.com>
- Date: Thu, 15 May 1997 15:38:32 -0700 (PDT)
- To: Fisher Mark <FisherM@exch1.indy.tce.com>
- cc: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>, "'Jon Radoff'" <jradoff@novalink.com>
I'm not entirely clear on what the motivation for an API approach is. As I recall, it was initially proposed while we were discussing ACLs, and several people had objected that this approach was inappropriate because it specified a particular implementation strategy. I'm not 100% sold here, but it is certainly possible that I have misunderstood the issues at hand. Anyway, my take on why APIs are not specified by the IETF is that they deal with specific language bindings, and IETF protocols are supposed to be platform independent. If API like behavior is really needed, what's wrong with an RPC approach? I don't necessarily advocate (or not advocate) the use of RPC. My personal opinion is that there's no real reason why we couldn't have a standards track RPC protocol (perhaps similar to ONC RPC), but of course, that's quite an undertaking. Now, before I digress too far, let me ask: Is there a reason why access control, in particular, really requires an API-like approach (or at least why such an approach is highly desirable)? I am not now talking about general issues such as why RPC based protocols are to be preferred to messsage based protocols. I don't mean to minimize these arguments. I think Tannenbaum one stated that message based protocols are the GOTO statements of network programming, and I think he has a point. But without minimizing the general issue, I'd like to be clearer on whether there are specific requirments in WebDAV and access control that argue for an API/RPC approach. --- Gregory Woodhouse gjw@wnetc.com / http://www.wnetc.com/home.html If you're going to reinvent the wheel, at least try to come up with a better one.
Received on Thursday, 15 May 1997 18:38:56 UTC