If we believe that it is reasonable to require that the DAV:principal-URL be an HTTP URL, then I'm fine with just requiring this in RFC3774bis. If we don't require that, then I don't think we can require that there be a way to "find" that principal, since as you say, if you can find it using the information in the DAV:principal-URL, you should have been able to format that information as an HTTP URL. Cheers, Geoff w3c-dist-auth-request@w3.org wrote on 05/14/2008 03:16:01 PM: > > Geoffrey M Clemm wrote: > > > > So here's the problem: The primary purpose of the DAV:principal-URL is > > to specify the "identity" of a principal (so you can use it to check for > > equality). But you might not have an HTTP URI that can be used as the > > "identity" (you might need to use some URN URI, for example). So you > > might be forced to use a non-HTTP URL in the DAV:principal-URL property. > > Not totally convinced. If you can make a URN work, you can probably make > an HTTP URI work as well. Maybe not a pretty one, though. But anyway... > > > So the spec says that there must be an HTTP URL for a principal, but it > > does not require that the HTTP URL be the one that appears in the > > DAV:principal-URL property. > > > > At least that's how I remember it ... I could of course be wrong (it's > > been a while :-). > > OK, let's start with the assumption that you are right, usually a safe > position :-). > > The spec say that the principal-URL must be used in ACL requests. Does > this also mean it will be the one that will be used in the Access > Control Properties, such as DAV:acl? I would think so, otherwise > roundtripping will be messy... > > If this is the case, the only way to actually get to the HTTP principal > URL the spec requires in to use one of the reports, such as > DAV:principal-property-search? If yes, I'd argue we probably write down > an example showing how to do that, and add that to RFC3744bis... > > BR, Julian > > > >
Received on Wednesday, 14 May 2008 19:31:48 UTC