RE: WebDAV Bindings - Issue Yaron.BindSyntax from Slein, Judith A on 2000-01-18 (w3c-dist-auth@w3.org from January to March 2000)

From: Slein, Judith A <JSlein@crt.xerox.com>
Date: Tue, 18 Jan 2000 11:41:58 -0500
To: "'Yaron Goland'" <yarong@Exchange.Microsoft.com>, w3c-dist-auth@w3.org
Message-ID: <8E3CFBC709A8D21191A400805F15E0DBD2456A@crte147.wc.eso.mc.xerox.com>
There was a lot of discussion among the authors about the meanings of the
request-URI and the Destination header in the BIND request.
 
It was actually initially written so that it asked for the creation of a
binding at the Request-URI to the resource identified by the Destination
header.  The rationale for this was that it seemed more intuitive to have
the syntax of the request reflect the natural-language request: Create a
binding from this segment to this resource.  (Anyhow, that's how the spec
always expresses the request in English.)  And it seems as if the
Request-URI should identify the resource for which authorization would be
required to fulfill the request.  It's the collection where the binding
lives that gets modified, and so update permission would be needed on that
collection, and so that collection should be identified by the Request-URI.
 
We changed this to be consistent with the usage in COPY and MOVE, thinking
that it would be too confusing otherwise.  And servers would have to
interpret the Overwrite header differently for BIND than for COPY / MOVE if
we used the Request-URI and the Destination header differently than COPY /
MOVE.
 
We did not consider the implications of adding weak bindings.
 
But I would personally rather go back to the original syntax than introduce
a new header (or even suggest that such a header be introduced in the
future) that would flip the meanings of the Request-URI and Destination
header in a given request.  That is, I would propose that in all BIND
requests, the Request-URI identify the new binding, and the Destination
header identify the existing resource being bound to.
 
If it still seems unacceptable to be in conflict with the syntax of MOVE /
COPY, I would rather just go ahead and define a new header now that would
always be used in BIND requests to identify the resource being bound to.
That is, we would not use the Destination header at all.
 

- -Judy

 -----Original Message-----
From: Yaron Goland [mailto:yarong@Exchange.Microsoft.com]
Sent: Sunday, January 16, 2000 8:47 PM
To: w3c-dist-auth@w3.org
Subject: WebDAV Bindings - Issue Yaron.BindSyntax



The BIND spec defines that a binding is created by sending a message to the
source and instructing it to create a binding at the destination. This is
completely consistent with how WebDAV normally operates in methods such as
COPY/MOVE where the source is instructed to make changes at the destination.
Unfortunately, in the case of BIND, it introduces a very serious problem
when (not if, but when) we introduce weak bindings. The problem is that the
current bind syntax requires the active participation of the source to
create a bind at the destination. In the case of a weak binding it is
expected that the source may not even be aware of the binding. This is one
of the main benefits of introducing weak bindings, it allows for bind like
behavior without requiring the participation of the source. This enables
many resources to have weak bindings against a resource without overloading
the resource.

An example may help here. Imagine a user wants to create a weak binding to
http://www.yahoo.com/foo/bar <http://www.yahoo.com/foo/bar> . Currently, to
create this weak binding, the user would have to issue the bind method to
http://www.yahoo.com/foo/bar <http://www.yahoo.com/foo/bar>  and ask the
Yahoo server to somehow communicate with the destination server and create a
weak binding. This is like telling people that before they can add a
hyperlink to their HTML document they have to first get the resource pointed
to by the hyperlink to somehow participate in the process. The ability to
link to resources without the knowledge of the source (as the term is used
in the BIND method) has been one of the key aspects of the scalability of
the Web.

In my mind the proper solution is to introduce a source header that, when
used on a BIND method, would mean that the request-URI specifies the
destination rather than the source.

That having been said I really have no desire to prolong the agony of the
BIND authors by asking them to add a new header and deal with all the
complexities it would introduce. As such I am happy to settle for the
following paragraph being added to section 5.1: "The BIND method MUST fail
if it does not include a destination header. Note, however, that future
specifications MAY introduce additional headers that resources could honor
in the place of the destination header and so allow the BIND method to
succeed in the absence of a destination header."

This would allow us, in the future, to introduce a weak binding spec that
could still use the BIND method without forcing us to use MAN or introduce a
new method.
Received on Tuesday, 18 January 2000 11:42:11 UTC