- From: Clemm, Geoff <gclemm@rational.com>
- Date: Tue, 17 Sep 2002 22:57:15 -0400
- To: Webdav WG <w3c-dist-auth@w3c.org>
From: Ilya Kirnos [mailto:ilya.kirnos@oracle.com] Julian Reschke wrote: > Try a PUT with known-to-fail If header first (-> Stefan's > proposal). I agree that Stefan's proposal is the most appealing. maybe. what's known to fail? > An invalid lock token, an invalid ETag, ... Actually, I'd suggest a simple logical contradition, i.e.: If: ("A" Not "A") again, i'd like to stay away from a dependency on locking if possible, and etags support isn't required if i recall correctly. etag support isn't required, and locking support isn't required, but support for the If header is required. So I suggest we check whether any server which does the If check before it does an authentication check. It certainly shouldn't, since the success or failure of the If check tells you something about the resource which you probably shouldn't know if you are not authenticated. I would have no objection to adding a statement to 2518bis that states that a server SHOULD do authentication checks before any If checks. Cheers, Geoff
Received on Tuesday, 17 September 2002 22:57:47 UTC