W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: PROPFIND behaviour regarding collections with non-listable me mbers

From: Clemm, Geoff <gclemm@rational.com>
Date: Fri, 12 Oct 2001 14:53:40 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B103F8AC97@SUS-MA1IT01>
To: Webdav WG <w3c-dist-auth@w3c.org>
Depends on what you mean by "has the right to list the collection
but not its members".  If the client does not have the right to even
see the names of the members, then the collection should just look
empty, since the client should not be able to even know it has
members.  If the client has the right to see the name of members
but not to see the properties of members, then listing their names
with the Forbidden status seems reasonable to me.


-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Friday, October 12, 2001 7:33 AM
To: Webdav WG
Subject: PROPFIND behaviour regarding collections with non-listable

I think we have identified something that needs to be clarified in RFC2518:

Given a collection X, where the principal does have rights to list the
collection itself, but not it's members.

Currently our server will distinguish between depth 0 and 1, that is a
PROPFIND with depth 0 will report the collection (and it's properties) OK,
while a PROPFIND with depth 1 will result in something like:

	<status>HTTP/1.1 403 Forbidden</status>

This is because once a response element for X is available, there's no other
way to distinguish between the case where the collection actually is empty,
or the collection is non-empty, but the principal doesn't have the right to
list it's members.

Feedback appreciated.

Received on Friday, 12 October 2001 14:54:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:24 UTC