Re: "The use of Metadata in URIs" and UK law

>Henry Story wrote:
>>To me, unauthorised resources should be protected by Access control
>>mechanism, not by the shape of the url.
>To me too, but apparently not to the lawyers in this case.
>The key question is, in my view, what the meaning of a GET request
>is.  Is it "give me a representation of this resource which I assert
>I am authorized to access" or is it "please give me a representation
>of this resource if you think that the user name, password, referer,
>or whatever, of this request entitles me to it"?

I suggest that it is not, and cannot possibly be, either of these. Or 
indeed any other English paraphrase of some communication act between 
human beings. GET is not a conversation, it is a mechanical transfer 
protocol. We can of course speak metaphorically using this language, 
just as we speak of machine "instructions" and software "agents" and 
so on: our technical vocabulary is riddled with these suggestive 
usages. But sometimes it is vitally important to remind ourselves 
that these really are only suggestive metaphors. Computer hardware 
does not obey as humans obey orders; software does not act as humans 
act; and GET does not request, assert, claim or suggest in any human 
senses of these words. It simply initiates a process which results in 
bytes being transferred from one place to another on a network.

Pat Hayes
IHMC		(850)434 8903 or (650)494 3973   home
40 South Alcaniz St.	(850)202 4416   office
Pensacola			(850)202 4440   fax
FL 32502			(850)291 0667    cell

Received on Sunday, 12 November 2006 01:09:13 UTC