- From: Yaron Goland <yarong@Exchange.Microsoft.com>
- Date: Sun, 16 Jan 2000 17:47:55 -0800
- To: w3c-dist-auth@w3.org
- Message-ID: <7DE119D3D0E15543874F7561EECBDBED02619E19@BEG.platinum.corp.microsoft.com>
Section 5.2 of the Bind spec instructs the reader that if a server wishes to reject a BIND request because it would cause a loop then the server should return a 403 (Forbidden). However 403 is overloaded as it is. For example, a 403 could mean that the method is banned at the moment for some reason even though it is normally supported. This means that someone trying to write an API to issue a BIND never really knows what a 403 means and so doesn't know if they should tell the user that the server is currently just not going to let the user perform this action or if the problem is that the action would result in a loop. Therefore the use of 403 introduces a vagueness into the response. Therefore I move that a new 4xx error code be introduced to cover the case when a server refuses a BIND because it would cause a loop. Yaron P.S. I think that the introduction of all these new error codes is a mistake. A new error code should only be, in my opinion, introduced when it provides a very high level error description that could be reasonably used by members of the HTTP infrastructure, meaning firewalls and proxies. Otherwise only the x00 errors should be used for everything and either new headers or a body should be introduced to give detailed error information. But I'm way too busy to try and push for this change so for the moment let's just throw another error code on the barbie until people go insane with them. It will be interesting to see how bad things have to become before we can get this fixed.
Received on Sunday, 16 January 2000 20:48:46 UTC