Re: WG Last Call: Bindings Protocol

Responses are inlined...

----- Original Message -----
From: Slein, Judith A <JSlein@crt.xerox.com>
To: 'Eric Sedlar' <esedlar@us.oracle.com>; Jim Whitehead <ejw@ics.uci.edu>;
WebDAV WG <w3c-dist-auth@w3.org>
Cc: Geoffrey M. Clemm <geoffrey.clemm@rational.com>
Sent: Wednesday, January 05, 2000 7:05 AM
Subject: RE: WG Last Call: Bindings Protocol
[snip]

>
> We do say in Section 11:
>
> "A PROPFIND requesting DAV:bindings MUST return only those bindings that the
> client is authorized to see."
>
> So your suggestion is that in addition we say that if the client is not
> authorized to read the collection C in which a binding C:(S->R) appears, the
> client is also not authorized to see that value of the DAV:bindings property
> on the resource R.  Then we could get rid of the security concern described
> in 16.4.  Is that right?
>

Right.

> > * some comment to the effect that if the URL is a versioned resource, and
> > the currently selected revision is changed, the resourceid will not change.
> > (I'm assuming that is what you want.)  So even though two people might see
> > different data from a GET request from the same URL (because they would get
> > a different revision selected), they would still have the same resourceid.
> > Therefore, people should NOT use resourceid to invalidate caches or any
> > other application that assumes a one to one correspondence between
> > resourceid and data.
>
> I think that your conclusions are all exactly correct, but I agree with
> Jason that it would be better to discuss ramifications for versioning in the
> DeltaV spec.
>

I still think it would be useful to have a reference in the Binding spec, even if
you move the discussion to the DeltaV spec.

--Eric

Received on Wednesday, 5 January 2000 15:14:31 UTC