- From: Ilya Kirnos <ilya.kirnos@oracle.com>
- Date: Mon, 23 Sep 2002 14:55:03 -0700
- To: Jason Crawford <nn683849@smallcue.com>
- CC: "Clemm, Geoff" <gclemm@Rational.Com>, Webdav WG <w3c-dist-auth@w3c.org>, Lisa Dusseault <lisa@xythos.com>

sounds like we've got a proposal that there's some agreement on. lisa, what's the next step for getting this into the spec?

thanks.
-ilya

Jason Crawford wrote:

> > The problem: A client wants to check if the current user is
> > authenticated to do an operation before it has that user provide the
> > input for that operation, and before it performs expensive
> > computations to set up the input for that request.
>
> This seems to be a bit beyond our current scope. But given the
> solution to this is likely to be trivial, and some people seem to value
> this, I can't protest much.
>
> > The proposal: Document in the 2518bis that the authentication check
> > SHOULD be performed before the If header check (so that a simple
> > contradictory If header can be used to check the authentication for
> > a "dummy version" of the operation, i.e. one with dummy values that did
> > not require user input or expensive calculations on the client).
>
> I like this solution since it's probably a good thing in general to
> indicate the order of header checking. This will create consistency
> that should aid clients greatly in understanding responses.
>
> I do recall we got into a very brief discussion of order of header
> evaluation a while back. I forget what the topic was or what order we
> decided. I suggest we go with your proposal and see if any problems
> turn up.
>
> I can't say I'm a fan of use of NOT in an If: header though. :-) But the
> concept of submitting a predictably false If header seems fine with me.

Received on Monday, 23 September 2002 17:53:28 UTC
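
The check ordering proposed in this thread, as an added example that is not part of the original message or of any WebDAV implementation: a simplified server-side handler that checks authentication before the If header, so a self-contradictory If header returns 412 only to a user who passed the authentication check, and nothing is modified. The names `handle_put` and `may_write`, the users, the paths and the lock token are constructed for illustration, and the If parser handles only untagged lists of state tokens.

```python
import re

# Constructed sample state (assumptions, not from the thread).
LOCKS = {"/docs/spec.txt": "opaquelocktoken:constructed-0001"}
WRITERS = {"alice"}          # users allowed to write
KNOWN_USERS = {"alice", "bob"}

COND_RE = re.compile(r"(Not\s+)?<([^>]+)>")

def if_header_matches(if_header, path):
    """Simplified If evaluation: lists are ORed, conditions inside a
    list are ANDed, and 'Not' inverts a single state-token condition."""
    held = LOCKS.get(path)
    for lst in re.findall(r"\(([^)]*)\)", if_header):
        conds = COND_RE.findall(lst)
        if conds and all((tok == held) != bool(neg) for neg, tok in conds):
            return True
    return False

def handle_put(user, path, if_header=None):
    """Return an HTTP status. Authentication and authorization are
    decided first; the If header is evaluated only afterwards."""
    if user not in KNOWN_USERS:
        return 401                      # not authenticated
    if user not in WRITERS:
        return 403                      # authenticated, not permitted
    if if_header is not None:
        if not if_header_matches(if_header, path):
            return 412                  # precondition failed, no change made
    elif path in LOCKS:
        return 423                      # locked and no token submitted
    return 204                          # write would proceed

# A condition and its negation in one list can never both hold.
PROBE = "(<urn:example:probe> Not <urn:example:probe>)"

def may_write(user, path):
    """Client-side probe: a dummy PUT whose If header is predictably
    false. 412 means the auth check passed; 401/403 mean it did not."""
    return handle_put(user, path, PROBE) == 412

if __name__ == "__main__":
    for u in ("alice", "bob", None):
        print(u, handle_put(u, "/docs/spec.txt", PROBE))
```

If the server evaluated the If header first, every caller would get 412 from the probe and the response would say nothing about whether the user is authorized.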