- From: Roy T. Fielding <fielding@apache.org>
- Date: Wed, 11 Sep 2002 18:22:03 +0200
- To: "B. Shadgar" <shadgar@cs.bris.ac.uk>
- Cc: w3c-dist-auth@w3.org
I'll try to explain. It is fundamental to HTTP that intermediaries are able to inspect the method of an HTTP request in order to determine the semantics of a request, and thereby its associated access control and/or authentication requirements. What you are suggesting is that we bypass that feature in HTTP via a new syntax that tunnels arbitrary methods within XML via HTTP, effectively bypassing all of the benefits of using HTTP in the first place. Sound familiar? It should, since this is the same objection that I have frequently given to the use of SOAP for tunneling arbitrary semantics though an HTTP POST method. Transactions can be accomplished by using a request to ask the server for a transaction context, possibly multi-level, and then sending the sequence of requests with a calculated transaction-request-id in the header fields, to each the server responds with 202 Accepted or an error, and finalized with a commit or abort method, to which the server responds with the appropriate message for the entire commit. Such a transaction mechanism accomplishes the same thing without violating the requirements of HTTP. In any case, this is OUT OF SCOPE for WebDAV. It is an HTTP issue that is not specific to authoring and will not be solved by an authoring-specific solution. ....Roy
Received on Wednesday, 11 September 2002 12:22:15 UTC