- From: Roy T. Fielding <fielding@ebuilt.com>
- Date: Fri, 9 Nov 2001 18:45:43 -0800
- To: Jim Whitehead <ejw@cse.ucsc.edu>
- Cc: WebDAV <w3c-dist-auth@w3.org>
Some general comments:
1) Why does every example use xmlns:D="DAV:"? That seems to be a pointless
exercise in indirection that will ultimately lead to clients that
parse on D:whatever instead of the actual spec. Besides, DAV itself
is an xmlns that needs to be defined somewhere. If the goal is to
simply show that it is possible, then only one or two of the examples
should use the shorter short name.
2) This protocol has departed from the Web interface of access control being
set on a per-method basis. The effect of this change is that access
control will now have to be governed by both the Web server and whatever
handler within the Web server is interpreting WebDAV methods, resulting
in a pointless duplication of code (and effort, if the resource
requires both forms be active). Eventually, someone will have to
define an HTTP access control protocol.
3) The protocol does not differentiate between writing to a resource (PUT)
and appending to a resource (POST), and thus cannot be used to control
shared access for things like guest-books, log files, or collection-like
bulletin-board resources.
The first is a matter of editorial choice. The second prevents this protocol
from being generally useful outside WebDAV. The third leads from the second.
I don't think any of them would necessarily prevent it from becoming a
proposed standard for WebDAV, but I wouldn't call it access control for
the Web.
....Roy
Received on Friday, 9 November 2001 21:49:07 UTC
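Point 1 above, illustrated with an added example that is not part of the original message: a parser that keys on the literal `D:` prefix is compared with one that keys on the `DAV:` namespace name. The sample bodies are constructed, and the element names (`acl`, `ace`, `grant`, `privilege`, `read`) are taken from the published WebDAV ACL specification (RFC 3744), not from this message.

```python
import re
import xml.etree.ElementTree as ET

DAV = "DAV:"  # the namespace name; whatever prefix is bound to it is arbitrary

BODY = "<{p}acl {decl}><{p}ace><{p}grant><{p}privilege><{p}read/></{p}privilege></{p}grant></{p}ace></{p}acl>"

# Constructed samples: the same grant serialized three ways, plus one
# document that uses the prefix D for an unrelated namespace.
SAMPLES = {
    "prefix D": BODY.format(p="D:", decl='xmlns:D="DAV:"'),
    "prefix x": BODY.format(p="x:", decl='xmlns:x="DAV:"'),
    "default ns": BODY.format(p="", decl='xmlns="DAV:"'),
    "D bound elsewhere": BODY.format(p="D:", decl='xmlns:D="urn:example:other"'),
}

def granted_by_prefix(xml_text):
    """Brittle: matches the text 'D:' and never looks at the namespace."""
    return set(re.findall(r"<D:privilege>\s*<D:([\w-]+)\s*/>", xml_text))

def granted_by_namespace(xml_text):
    """Matches on the expanded name {DAV:}local, whatever prefix was used."""
    found = set()
    for priv in ET.fromstring(xml_text).iter(f"{{{DAV}}}privilege"):
        for child in priv:
            if child.tag.startswith("{"):
                ns, _, local = child.tag[1:].partition("}")
            else:
                ns, local = "", child.tag
            if ns == DAV:
                found.add(local)
    return found

def compare():
    """Return {sample name: (prefix-based result, namespace-based result)}."""
    return {name: (granted_by_prefix(x), granted_by_namespace(x))
            for name, x in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_prefix, by_ns) in compare().items():
        print(f"{name:18} prefix-match={sorted(by_prefix)} namespace-match={sorted(by_ns)}")
```

The prefix-based parser misses the grant under any other prefix and accepts a `D:` element that is not in the `DAV:` namespace at all, which matters when the parsed result feeds an access decision.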