W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2002

RE: Interop issue: how can clients force authentication?

From: Clemm, Geoff <gclemm@rational.com>
Date: Fri, 20 Sep 2002 08:39:33 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B10841DD95@SUS-MA1IT01>
To: Webdav WG <w3c-dist-auth@w3c.org>

I believe the problem statement is:

The problem: A client wants to check if the current user is
authenticated to do an operation before it has that user provide the
input for that operation, and before it performs expensive 
computations to set up the input for that request.

The proposal: Document in the 2518bis that the authentication check
SHOULD be performed before the If header check (so that a simple
contradictory If header can be used to check the authentication for
"dummy version" of the operation, i.e. one with dummy values that did
not require user input or expensive calculations on the client).

As a general design note wrt some of the alternatives proposed:
Adding new protocol semantics (e.g. a new header) for each interesting
use case would rapidly produce a protocol so complex as to be
unusable.  I believe adding explicit marshalling for semantics that
are already supported adds complexity, not clarity, and that increased
complexity will increase the implementation errors, not decrease them.


-----Original Message-----
From: Jason Crawford [mailto:nn683849@smallcue.com]

On Thursday, 09/19/2002 at 02:27 MST, Ilya Kirnos wrote:
> the fact that this may already work with some implementations is a plus.
> the other hand it would pretty much be a hack.  when i see something like
> If: ("a" Not "a"), client authentication is not exactly the first thing
> comes to mind.  a new header would make this idea very explicit and
> less prone to implementation errors.  however, i'd like to see this
> implemented in some shape or form, so if there's consensus on the If
> it'd be fine with me.

I'd like to see two things...

1) A clear problem statement with scenarios
2) A clear statement of the/this proposal

Thanks guys

Received on Friday, 20 September 2002 08:40:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:26 UTC