- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 11 Sep 2004 19:55:55 +0200
- To: w3c-dist-auth@w3.org
Hi, this is a summary of issues either new in draft -05 or issues with changes between drafts 04 and 05. It was first submitted in October 2003 ([1]), but as far as I can tell, non of the issues was adressed. 05-C01 media types Looking at the current W3 TAG discussion about XML media types we may want to consider deprecating "text/xml" and making "application/xml" a SHOULD. 05-C02 "illformed" Section 8.1.1 s/ill-formed/non-wellformed/ 05-C03 OPTIONS * 9.1 contains the new paragraph: This header must also appear on responses to OPTIONS requests to the special '*' Request-URI as defined in HTTP/1.1. In this case it means that the repository supports the named features in at least some internal namespaces. 1) I don't remember this being discussed anywhere. 2) This is impossible to implement with the Java Servlet API, so it's unlikely to be implemented 3) This clearly contradicts RFC2616, sectopn 9.2 (<http://greenbytes.de/tech/webdav/rfc2616.html#OPTIONS>): "If the Request-URI is an asterisk ("*"), the OPTIONS request is intended to apply to the server in general rather than to a specific resource. Since a server's communication options typically depend on the resource, the "*" request is only useful as a "ping" or "no-op" type of method; it does nothing beyond allowing the client to test the capabilities of the server. For example, this can be used to test a proxy for HTTP/1.1 compliance (or lack thereof)." 05-C04 DAV request header Thanks for adding it, however I think we need to do some more work: As an optional request header, this header allows the client to advertise compliance with named features. Clients need not advertise 1, 2 or bis because a WebDAV server currently doesn't need that information to decide how to respond to requests defined in this specification or in HTTP/1.1. However, future extensions may define client compliance codes. When used as a request header, the DAV header MAY affect caching so this header SHOULD NOT be used on all GET requests. 1) Just say generally that only those feature names are allowed where the spec explicitly defines what it means (in a request!). For RFC2518bis this means that none of the feature names defined here may be used. 2) "When used as a request header, the DAV header MAY affect caching so this header SHOULD NOT be used on all GET requests." - this is misleading. Either it is allowed on GET, or it isn't. If the request header affects a cacheable GET result, the origin server MUST specify that in the "Vary" header. 05-C05 Multistatus format Section 12: When a Multi-Status body is returned in response to a PROPFIND or another request with a single scope, all URLs appearing in the body must be equal to or inside the request-URI, thus the URLs MAY be absolute or MAY be relative. What is a "single" scope. Ans what does it mean for a URI to be "inside" another? It continues saying: When a Multi-Status body is returned in response to MOVE or COPY, relative URIs resolution is ambiguous (the request had both a source and a destination URL). Thus, URLs appearing in the responses to MOVE or COPY SHOULD be absolute and fully-qualified URLs. What is a "fully-qualified" URL? If this is meant to say that the URI, when relative, MUST start with a "/", then it should be more clear about that. 05-C06 12.1 3xx handling The 300-303, 305 and 307 responses defined in HTTP 1.1 normally take a Location header to indicate where the client should make the request. The Multi-Status response syntax as defined in RFC2518 did not allow for the Location header information to be included in an unambiguous way, so servers MAY choose not to use these status codes in Multi-Status responses. If a clients receives this status code in Multi-Status, the client MAY reissue the request to the individual resource, so that the server can issue a response with a Location header for each resource. Additionally, this specification defines a new element that servers MAY use in the response element to provide a location value in Multi-Status (see section 13.29). I think we can improve that: - "not to use" -- be clear what this means -- is it using a "200" status element instead? - when the server chooses not to return the 3xx code, should it include the location element nevertheless (I think it should) 05-C07 XML Extensibility (section 13) I still think we should make statements about extensibility once. The current notation (adding verbose text to each and every element description) just makes the spec less readable and harder to maintain. Note that already the descriptions are partly broken (for instance in 13.18). In particular: Extensibility: MAY be extended with additional child elements or attributes which SHOULD be ignored if not recognized. s/SHOULD/MUST/ 05-C08 propfind DTD Says: <!ELEMENT propfind (prop | dead-props | propname | allprop) > Should be: <!ELEMENT propfind (allprop | propname | (prop, dead-props?)) > <!ELEMENT dead-props EMPTY > 05-C09 Properties Some property values are calculated by the server and it is not appropriate to allow client changes, thus they are protected. Existing server implementations already have different sets of RFC2518 properties protected, but clients can have some expectations which properties are normally protected. The value of a protected property may not be changed even by a user with permission to edit other properties. The value of an unprotected property may be changed by some users with appropriate permissions. This definition seems to slightly differ from what RFC3253 says. That seems to be a bad idea (here is seems to identify "calculated" with "protected"; in RFC3253 there's a clear difference between "protected" and "computed"). 05-C10 Properties (COPY/MOVE behaviour) This somehow combines statements about how the property behaves upon COPY and MOVE (good) and some statements about what happens in "remote" operations. I think the latter is very confusing. Either a copy is done using COPY, or it isn't. If a server decides to emulate a copy operation using PROPPATCH and PUT, the standard considerations for these methods apply. 05-C11 "mandatory" properties This is actually an old issue. For instance: Description: The creationdate property should be defined on all DAV compliant resources. If present, it contains a timestamp of the moment when the resource was created (i.e., the moment it had non-null state). Basically this says that the property should be there, unless it isn't. Just say that it's optional in these cases. [1] <http://lists.w3.org/Archives/Public/w3c-dist-auth/2003OctDec/0150.html>
Received on Saturday, 11 September 2004 17:56:45 UTC