- From: Clemm, Geoff <gclemm@rational.com>
- Date: Wed, 15 Aug 2001 17:51:33 -0400
- To: w3c-dist-auth@w3c.org
From: Jason Crawford [mailto:ccjason@us.ibm.com] My opinion is that... The spec should not use the IF header for token presentation to the server. The IF header should only be used for client initiated assertion checking. The current use of IF for dual purposes just causes confusion (like I think your note indicates) and impedes our ability to potentially extend it later. We should transition to some other header for token presentation to the server. Or perhaps I just misunderstand the IF header and someone needs to clearly define it. :-) Jason: I don't see your concern here. The semantics of the If header is quite clearly defined in 2518, and says that if none of the state lists that apply to a resource match, then the request must fail with a 412. Although as indicated in a previous message, the "applies to a resource" is not well defined for no-tagged state lists, this is a general problem with the If header, and not a particular problem for lock tokens. Cheers, Geoff
Received on Wednesday, 15 August 2001 17:53:03 UTC