- From: B. Shadgar <shadgar@cs.bris.ac.uk>
- Date: Wed, 11 Sep 2002 18:26:50 +0100
- To: w3c-dist-auth@w3.org
"Roy T. Fielding" wrote: > I'll try to explain. It is fundamental to HTTP that intermediaries > are able to inspect the method of an HTTP request in order to determine > the semantics of a request, and thereby its associated access control > and/or authentication requirements. What you are suggesting is that > we bypass that feature in HTTP via a new syntax that tunnels arbitrary > methods within XML via HTTP, effectively bypassing all of the benefits > of using HTTP in the first place. > > Sound familiar? It should, since this is the same objection that I have > frequently given to the use of SOAP for tunneling arbitrary semantics > though an HTTP POST method. > > Transactions can be accomplished by using a request to ask the server > for a transaction context, possibly multi-level, and then sending > the sequence of requests with a calculated transaction-request-id > in the header fields, to each the server responds with 202 Accepted > or an error, and finalized with a commit or abort method, to which > the server responds with the appropriate message for the entire > commit. Such a transaction mechanism accomplishes the same thing > without violating the requirements of HTTP. Thanks for your explanation. You have open a new view to me. But I am thinking is this way stateless or not? Regards, Bita
Received on Wednesday, 11 September 2002 13:28:35 UTC