- From: Mark Baker <distobj@acm.org>
- Date: Tue, 27 Apr 2004 10:37:16 -0400
- To: Graham Klyne <gk@ninebynine.org>
- Cc: www-tag@w3.org
On Tue, Apr 27, 2004 at 11:43:34AM +0100, Graham Klyne wrote: > I don't think this poses any fundamental problems for Web architecture, but > the only reason I can see for not using POST is this: > [[ > The PATCH request is subject to access control, which in turn may > require authentication. The PATCH request SHOULD be subject to the > same access control permissions as the PUT request. > ]] I wouldn't personally use POST, because the semantics of PATCH seem to be very similar to PUT. i.e. the client has direct visibility into the terminal state of the resource, even in part. FWIW, I've come close a couple of times (though I never actually needed to, in the end) to doing something like PATCH using RFC 3229, "Delta encoding in HTTP". While targetted at delta updates via GET, it says this; Nothing in this specification specifically precludes the use of a delta encoding for the body of a PUT request. However, no mechanism currently exists for the client to discover if the server can interpret such messages, and so we do not attempt to specify how they might be used. Which makes sense; HTTP's lack of support for mandatory extensions makes deploying these kinds of extensions difficult. So the options seem to be; - PATCH - M-PUT (RFC 2774) + RFC 3229 - a PUT binding for SOAP + RFC 3229 FWIW, if there was anything for the TAG to consider here, it might be to document some best practices for deploying various forms of HTTP extensions and to help protocol developers understand the tradeoffs. Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
Received on Tuesday, 27 April 2004 10:38:24 UTC