Re: Interop issue: how can clients force authentication?

sounds like we've got a proposal that there's some agreement on.

lisa, what's the next step for getting this into the spec?

thanks.

-ilya



Jason Crawford wrote:

> > The problem: A client wants to check if the current user is
> > authenticated to do an operation before it has that user provide the
> > input for that operation, and before it performs expensive
> > computations to set up the input for that request.
>
> This seems to be a bit beyond our current scope.  But given the
> solution to this is likely to be trivial, and some people seem to value
> this, I can't protest much.
>
> > The proposal: Document in the 2518bis that the authentication check
> > SHOULD be performed before the If header check (so that a simple
> > contradictory If header can be used to check the authentication for
> > "dummy version" of the operation, i.e. one with dummy values that did
> > not require user input or expensive calculations on the client).
>
> I like this solution since it's probably a good thing in general to
> indicate the order of header checking.  This will create consistancy
> that should aid clients greatly in understanding responses.
>
> I do recall we got into a very brief discussion of order of header
> evaluation
> a while back.  I forget what the topic was or what order we decided.  I
> suggest
> we go with your proposal and see if any problems turn up.
>
> I can't say I'm a fan of use of NOT in a If: header  though.  :-)  But the
> concept
> of submitting a predictably false If header seems fine with me.

Received on Monday, 23 September 2002 17:53:28 UTC