Re: Some problems with the WebDAV protocol from John Stracke on 1999-04-19 (w3c-dist-auth@w3.org from April to June 1999)

From: John Stracke <francis@ecal.com>
Date: Mon, 19 Apr 1999 13:12:07 +0000
To: w3c-dist-auth@w3.org
Message-ID: <371B2BA7.58EFEC3F@ecal.com>

Yoram Last wrote:

> So an HTTP/1.1
> client must interpret a 207 as being the same as a 200, although it clearly
> has a totally different meaning in WebDAV.

I say again: it is not clear that the meaning is totally different.

> But if given
> methods have different semantics in the two protocols,

But your "if" clause evaluates to false.

> > That's a matter of opinion; I say it should be possible to delete a collection and
> > know that clients that don't MKCOL it won't recreate it.  The fact is that, as you
> > admit, the HTTP/1.1 spec does not forbid the behavior which DAV prescribes.
>
> Nor does HTTP/1.1 forbids to disallow PUT altogether, or to disallow
> resource names to have more than 5 characters, or...  The point is that
> it does allow functionality that WebDAV forbids, and this functionality
> is being used (so it's not a purely theoretical matter).

But it's pretty close to theoretical, because the client-side changes to switch from "do
a PUT and know that it'll create a collection" to "do a MKCOL followed by a PUT" are
trivial.

> > > The restriction on PUT seems totally artificial anyway. A server that has
> > > a problem to create missing collections is always allowed to forbid it.
> > > But what is the point in forbidding all servers from doing that?
> >
> > Consistency.
>
> With what? Why is it important or beneficial in any way?

Consistency with *itself*--it's important that a DAV client be able to know what's going
to happen when it does a PUT.  It also helps with access control: it allows an
administrator to say, "Only these people can do MKCOL" and know that nobody else will be
able to create collections.

> Using DAV-like functionality of base HTTP/1.1 is one thing. Redefining that
> functionality is another.

I assert again that we are not redefining anything; that the changes you see are totally
consistent with the HTTP/1.1 spec.

> > > Another (not related) problem with the current protocol is the requirement
> > > that servers must respect PROPFIND with Depth=infinity queries for collections.
> >
> > Access control.
>
> And this helps how? By making public content repositories outside the scope
> of WebDAV?

No, by requiring special access rights for Depth=infinity.

--
/=============================================================\
|John Stracke    | My opinions are my own | S/MIME & HTML OK  |
|francis@ecal.com|============================================|
|Chief Scientist | NT's lack of reliability is only surpassed |
|eCal Corp.      |  by its lack of scalability. -- John Kirch |
\=============================================================/

Received on Monday, 19 April 1999 10:33:12 UTC