RE: Interop issue: how can clients force authentication?

> The problem: A client wants to check if the current user is
> authenticated to do an operation before it has that user provide the
> input for that operation, and before it performs expensive
> computations to set up the input for that request.

This seems to be a bit beyond our current scope.  But given the
solution to this is likely to be trivial, and some people seem to value
this, I can't protest much.


> The proposal: Document in the 2518bis that the authentication check
> SHOULD be performed before the If header check (so that a simple
> contradictory If header can be used to check the authentication for
> "dummy version" of the operation, i.e. one with dummy values that did
> not require user input or expensive calculations on the client).

I like this solution since it's probably a good thing in general to
indicate the order of header checking.  This will create consistancy
that should aid clients greatly in understanding responses.

I do recall we got into a very brief discussion of order of header
evaluation
a while back.  I forget what the topic was or what order we decided.  I
suggest
we go with your proposal and see if any problems turn up.

I can't say I'm a fan of use of NOT in a If: header  though.  :-)  But the
concept
of submitting a predictably false If header seems fine with me.

Received on Sunday, 22 September 2002 23:51:57 UTC