- From: Jason Crawford <nn683849@smallcue.com>
- Date: Sun, 22 Sep 2002 22:48:48 -0400
- To: "Clemm, Geoff" <gclemm@Rational.Com>
- Cc: Webdav WG <w3c-dist-auth@w3c.org>
> The problem: A client wants to check if the current user is > authenticated to do an operation before it has that user provide the > input for that operation, and before it performs expensive > computations to set up the input for that request. This seems to be a bit beyond our current scope. But given the solution to this is likely to be trivial, and some people seem to value this, I can't protest much. > The proposal: Document in the 2518bis that the authentication check > SHOULD be performed before the If header check (so that a simple > contradictory If header can be used to check the authentication for > "dummy version" of the operation, i.e. one with dummy values that did > not require user input or expensive calculations on the client). I like this solution since it's probably a good thing in general to indicate the order of header checking. This will create consistancy that should aid clients greatly in understanding responses. I do recall we got into a very brief discussion of order of header evaluation a while back. I forget what the topic was or what order we decided. I suggest we go with your proposal and see if any problems turn up. I can't say I'm a fan of use of NOT in a If: header though. :-) But the concept of submitting a predictably false If header seems fine with me.
Received on Sunday, 22 September 2002 23:51:57 UTC