- From: Roy T. Fielding <fielding@ebuilt.com>
- Date: Fri, 9 Nov 2001 18:45:43 -0800
- To: Jim Whitehead <ejw@cse.ucsc.edu>
- Cc: WebDAV <w3c-dist-auth@w3.org>
Some general comments:

1) Why does every example use xmlns:D="DAV:"? That seems to be a pointless exercise in indirection that will ultimately lead to clients that parse on D:whatever instead of the actual spec. Besides, DAV itself is an xmlns that needs to be defined somewhere. If the goal is to simply show that it is possible, then only one or two of the examples should use the shorter short name.

2) This protocol has departed from the Web interface of access control being set on a per-method basis. The effect of this change is that access control will now have to be governed by both the Web server and whatever handler within the Web server is interpreting WebDAV methods, resulting in a pointless duplication of code (and effort, if the resource requires both forms be active). Eventually, someone will have to define an HTTP access control protocol.

3) The protocol does not differentiate between writing to a resource (PUT) and appending to a resource (POST), and thus cannot be used to control shared access for things like guest-books, log files, or collection-like bulletin-board resources.

The first is a matter of editorial choice. The second prevents this protocol from being generally useful outside webdav. The third leads from the second. I don't think any of them would necessarily prevent it from becoming a proposed standard for WebDAV, but I wouldn't call it access control for the Web.

....Roy
Received on Friday, 9 November 2001 21:49:07 UTC
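
Added example, not part of the original message or of the draft it reviews: the difference between a client that matches the literal `D:` prefix and one that matches the namespace name `DAV:`, as raised in comment 1. The sample bodies and their element names are constructed for illustration, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

DAV_NS = "DAV:"  # the namespace name; any prefix may be bound to it

# Constructed sample bodies (not taken from the draft under review).
ACL_PREFIX_D = """<D:acl xmlns:D="DAV:"><D:ace>
  <D:principal><D:href>http://example.org/users/guest</D:href></D:principal>
  <D:grant><D:privilege><D:read/></D:privilege></D:grant>
</D:ace></D:acl>"""

# Same information, default namespace instead of the D prefix.
ACL_DEFAULT_NS = """<acl xmlns="DAV:"><ace>
  <principal><href>http://example.org/users/guest</href></principal>
  <grant><privilege><read/></privilege></grant>
</ace></acl>"""

# Same prefix bound to a different namespace: these are not DAV elements.
ACL_FOREIGN_D = ACL_PREFIX_D.replace('xmlns:D="DAV:"',
                                     'xmlns:D="urn:example:not-dav"')


def grants_by_prefix(body):
    """Fragile: matches the literal text 'D:' in the serialized document."""
    found = set()
    for block in re.findall(r"<D:grant>(.*?)</D:grant>", body, re.S):
        found.update(re.findall(r"<D:privilege>\s*<D:([\w-]+)\s*/>", block))
    return found


def grants_by_namespace(body):
    """Matches on (namespace name, local name), whatever prefix was used."""
    def q(local):
        return "{%s}%s" % (DAV_NS, local)
    found = set()
    for grant in ET.fromstring(body).iter(q("grant")):
        for priv in grant.iter(q("privilege")):
            for child in priv:
                if child.tag.startswith("{%s}" % DAV_NS):
                    found.add(child.tag.split("}", 1)[1])
    return found


if __name__ == "__main__":
    for name, doc in [("D prefix", ACL_PREFIX_D), ("default ns", ACL_DEFAULT_NS),
                      ("foreign D", ACL_FOREIGN_D)]:
        print(name, grants_by_prefix(doc), grants_by_namespace(doc))
```

The prefix matcher misses the grant when the sender uses a default namespace and reports one when `D` is bound to an unrelated namespace; the namespace-aware matcher gives the same answer for the first two bodies and nothing for the third.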