
Re: Thoughts on relation to WebDAV

From: Helge Hess <helge.hess@opengroupware.org>
Date: Sat, 24 May 2008 12:37:10 +0200
Message-Id: <C3FFDB4D-8900-406E-85AF-EFEF4F7BF564@opengroupware.org>
To: WebDAV <w3c-dist-auth@w3.org>

On 23.05.2008, at 22:56, Werner Baumann wrote:
> 403 says, the server can create collections, but it will not create  
> *this* collection.
> 501 says, the server is not able to create collections at all.

Just for completeness, I think 501 just says that the collection MKCOL  
was called on does not support MKCOL. Other collections on the same  
server might support that method.

I think Werner's point is that 403 has specific semantics and I would  
agree. To me 403 implies that the user could potentially create  
collections with better credentials. While 501 signals that the server  
really can't support MKCOL.
That _is_ relevant for the error message reported by the client.

IMHO the confusion started when Julian suggested that a server should
return 403 if it's a "read-only CardDAV implementation". Note the
'read-only _implementation_'. I think returning 403 would be quite wrong in
this case; it should definitely return 501.

As mentioned, practical consequences which immediately come to mind are:
- misleading error message towards the user
- pointless retries with other (higher level) credentials

As far as I can see, levels are just a really minor optimization on the
operations a client might attempt (never attempt to LOCK if we already
know it's not level2, but then we have the method info in OPTIONS).
Maybe the spec puts too much emphasis on levels.

Helge Hess
Received on Saturday, 24 May 2008 10:39:35 UTC
