- From: Helge Hess <helge.hess@opengroupware.org>
- Date: Sat, 24 May 2008 12:37:10 +0200
- To: WebDAV <w3c-dist-auth@w3.org>

On 23.05.2008, at 22:56, Werner Baumann wrote:
> 403 says, the server can create collections, but it will not create
> *this* collection.
> 501 says, the server is not able to create collections at all.

Just for completeness, I think 501 just says that the collection MKCOL was called on does not support MKCOL. Other collections on the same server might support that method.

I think Werner's point is that 403 has specific semantics and I would agree. To me 403 implies that the user could potentially create collections with better credentials. While 501 signals that the server really can't support MKCOL.
That _is_ relevant for the error message reported by the client.

IMHO the confusion started when Julian suggested that a server should return 403 if it's a "read-only CardDAV implementation". Note the 'read-only _implementation_'. I think returning 403 would be quite wrong in this case, it should definitely return 501.

As mentioned, practical consequences which immediately come to mind are:
- misleading error message towards the user
- pointless retries with other (higher level) credentials

As far as I can see levels are just a really minor optimization on the operations a client might attempt (never attempt to LOCK if we already know it's not level2, but then we have the method info in OPTIONS anyways?!). Maybe the spec puts too much emphasis on levels.

Thanks,
  Helge
--
Helge Hess
http://www.helgehess.eu/

Received on Saturday, 24 May 2008 10:39:35 UTC