- From: Yaron Goland <yarong@microsoft.com>
- Date: Wed, 16 Dec 1998 14:12:49 -0800
- To: "'Greg Stein'" <gstein@lyra.org>, w3c-dist-auth@w3.org
The folks in versioning land want to add a version header which is combined with the request-URI to uniquely identify a resource other than the one in the request-URI as being the "true" request-URI. The folks in collection land want to add a no-passthrough header which is combined with the request-URI to confirm that the request-URI REALLY is the request-URI. I have even heard rumors of those who want to add a source header which is combined with the request-URI to uniquely identify a resource other than the one in the request-URI as being the "true" request-URI. Of course one may think we already have this problem in the form of Accept-* headers. However, Accept-* headers specify the desired result format, not the resource the request is to be applied to. Unlike accept-* headers, these new headers are really just a slightly more advanced version of URL munging, with all the problems that implies. This leads me to believe that the collection paper's design requires a fundamental re-think. Having to resort to URL munging is a sure sign that your design is in trouble. The collection folks may want to consider a source like model where you have paired resources. The "redirection" resource and its "control". The "redirection" resource will respond to one magic method which returns a header which specifies the "control" resource. The "control" resource is then the one that arbitrary methods can be applied to. This solution is VERY far from optimal since servers will have problems managing the parallel namespaces and dealing with potential name conflicts. Alternatively we may want to learn a lesson from the way that redirection resources have been implemented in file systems. Some methods applied directly to the resource and some were redirected and that was it. There was no crossing the line. I actually suspect this may prove to be a better model, although the interaction with properties may be interesting. As for versioning and source, sometimes speed hacks are just not worth it. Not when the cost is extensibility. Just a thought, Yaron -----Original Message----- From: Greg Stein [mailto:gstein@lyra.org] Sent: Wednesday, December 16, 1998 12:37 PM To: w3c-dist-auth@w3.org Subject: Re: Properties of References Slein, Judith A wrote: >... > 2. Replace the Re-Direct header with a No-Passthrough header that can be > applied to any reference, direct or redirect. This header asks the server > to apply the request to the reference itself, rather than to its target > resource. > ... Random thought: there is a weird correlation here between this No-Passthrough header and the "source link". For example, could No-Passthrough potentially be used to grab an ASP file rather than its execution result? Just popped into my head, so I thought I'd mention it. The source link does seem a bit nicer for security issues (because you secure based on URL rather than the presence of a header), but No-Passthrough seems handier for grabbing source (text or binary). -g -- Greg Stein, http://www.lyra.org/
Received on Wednesday, 16 December 1998 17:12:55 UTC