- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 17 Feb 2005 18:19:35 +0100
- To: Cyrus Daboo <daboo@isamet.com>
- CC: Jamie Lokier <jamie@shareable.org>, Mark Baker <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>, WebDAV <w3c-dist-auth@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, CalDAV DevList <ietf-caldav@osafoundation.org>
Cyrus Daboo wrote: > Hi Jamie, > > --On February 17, 2005 4:41:42 PM +0000 Jamie Lokier > <jamie@shareable.org> wrote: > >>> No, it would be the container resource itself. For CalDav, the calendar >>> collection; for Atompub, the feed resource itself. >> >> >> Why can't you POST to the container resource? >> >> That's what POST is for, after all. > > > The WebDAV rfc has the following statement in it in Section 5.3 as a > justification for creating a new method (MKCOL in this case) rather than > using a special POST operation: > >> While the POST method is sufficiently open-ended that a "create a >> collection" POST command could be constructed, this is undesirable >> because it would be difficult to separate access control for >> collection creation from other uses of POST. > > > Wouldn't the same issue be relevant here? > > Interestingly the current WebDAV ACL document does not appear to mention > POST at all - even in the 'Normative' Method Privilege Table in Appendix > B. Is there a reason for that? Yes. As you can do anything with POST, it's impossible to state what privileges you'll need. > Whatever solution we come up with it ideally needs to work seamlessly > with WebDAV ACL. That would be preferrable. Best regards, Julian -- <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Thursday, 17 February 2005 17:20:08 UTC