I agree with Julian that if there is a general HTTP problem that needs to
be solved, then it should be handled in a separate draft in a general HTTP
working group, not an RFC-2518 revision. We have plenty of RFC-2518 problems
that need to be addressed.
Cheers,
Geoff
Julian wrote on 10/29/2005 04:22:57 AM:
>
> Lisa Dusseault wrote:
> > No it's not just for LOCK and PUT -- a client doing read-only requests
> > (like PROPFIND) might see different results depending on whether or not
> > they're authenticated. Some of the resources in a collection might be
> > publicly readable (so the PROPFIND can succeed if anonymous) but others
> > be hidden to unauthenticated users.
>
> But you could still use LOCK to enforce authentication, right?
>
> > More generally, it's not actually a WebDAV problem alone. If a client
> > does a GET to a dynamically generated page, they could easily see
> > different results based on whether they're authenticated or not. Since
> > browsers today often cache authentication information, this means that
> > the browser could inform the server that they'd like the challenge to
> > save the user the step of first going to the site, seeing the anonymous
> > page version, then choosing to login. Of course some sites use cookies
> > for this but cookies are sometimes disabled, expired, etc.
>
> In which case I would recommend to
>
> - update Jim's description of the problem accordingly and
>
> - do this in a separate draft, optimally discussed on the HTTP WG's
> mailing list.
>
> Best regards, Julian
>