RE: [Interop] quick poll on the Translate field] from Julian Reschke on 2001-11-05 (w3c-dist-auth@w3.org from October to December 2001)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 5 Nov 2001 23:50:16 +0100
To: "Matthieu Chevrier" <mchevrier@4d.com>, <w3c-dist-auth@w3.org>
Message-ID: <JIEGINCHMLABHJBIGKBCKEFGDGAA.julian.reschke@gmx.de>

> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Matthieu Chevrier
> Sent: Thursday, November 15, 2001 11:43 PM
> To: w3c-dist-auth@w3.org
> Subject: Re: [Interop] quick poll on the Translate field]
>
>
>
> > One very common mechanism for doing Web-based access control
> > is to base the access control on the URL (i.e. what you can do
> > to a resource depends on what the URL is).
>
> An access control based entirely on the URL ? hum. so it would
> give the same
> access for a GET and DELETE command ?
> Even these systems need to extract other info from the HTTP request, like
> the method name in the first place. So checking a new HTTP field
> should not
> be a big deal (it's not in our implementation).

I think you missed the WebDAV ACL spec :-)

> > When you do a COPY, should it go against the raw form or
> > the processed form of the resource?  Probably need the Translate
> > header for that then too.  Similarly for any other method that
> > could reasonably be applied to both the raw and the processed form.
>
> Do a COPY, MOVE, DELETE on the processed version makes no sense, isnt'it ?
> At least for all the existing Clients that I know of right now.
>
> For PROPFIND and PROPPATCH, it's not as obvious, though using the raw file
> is probably what we want in 99% of the cases.

Really. So PROPFIND/getcontentlength will say "application/ecma-script", but
GET returns HTML content?

> > So all that is needed is for the server to be able to dummy up
> > some URL that means "the raw form of this resource" to avoid all
> > these issues.
>
> I am not a big fan of having several URLs for the same resource
> in different
> status. Seems more like a workaround than anything else.
>
> To be honest I didn't really want to start discussing the specs
> when I asked
> to the interop list who was supporting the 'Translate' field. too late ;-)
>
> In my perspective if all clients were sending the 'Translate: f' with all
> their outgoing requests AND if the servers were always targetting the raw
> resource (considering the user has the right priviledges of
> course) then we
> would not have this discussion today.

So what should IE do upon GET?

Received on Monday, 5 November 2001 17:50:09 UTC