Re: [Ietf-caldav] [Fwd: draft-reschke-http-addmember-00]

Cyrus Daboo wrote:
> Hi Jamie,
> --On February 17, 2005 4:41:42 PM +0000 Jamie Lokier 
> <> wrote:
>>> No, it would be the container resource itself. For CalDav, the calendar
>>> collection; for Atompub, the feed resource itself.
>> Why can't you POST to the container resource?
>> That's what POST is for, after all.
> The WebDAV rfc has the following statement in it in Section 5.3 as a 
> justification for creating a new method (MKCOL in this case) rather than 
> using a special POST operation:
>>    While the POST method is sufficiently open-ended that a "create a
>>    collection" POST command could be constructed, this is undesirable
>>    because it would be difficult to separate access control for
>>    collection creation from other uses of POST.
> Wouldn't the same issue be relevant here?
> Interestingly the current WebDAV ACL document does not appear to mention 
> POST at all - even in the 'Normative' Method Privilege Table in Appendix 
> B. Is there a reason for that?

Yes. As you can do anything with POST, it's impossible to state what 
privileges you'll need.

> Whatever solution we come up with it ideally needs to work seamlessly 
> with WebDAV ACL.

That would be preferrable.

Best regards, Julian

<green/>bytes GmbH -- -- tel:+492512807760

Received on Thursday, 17 February 2005 17:20:08 UTC