- From: Yoram Last <ylast@mindless.com>
- Date: 1999年4月22日 03:31:28 +0300
- To: John Stracke <francis@ecal.com>
- CC: w3c-dist-auth@w3.org
- Message-ID: <371E6DE0.484BF38E@mindless.com>
> Nothing has been taken away except uncertainty. Not so. By your wisdom, all MAYs and SHOULDs should be taken out of all protocols, because they are nothing but uncertainties. > > > > > No, by requiring special access rights for Depth=infinity. > > > > > > > > And when the request fails, how do you convey that to client? > > > > What status code will you use? > > > > > > 401, of course. > > > > To which the client would respond by prompting the user for a password. > > Only if you provide an Authenticate: header. RFC 2068 says: "10.4.2 401 Unauthorized The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource." So you say I should use a 401 in a way which is in brut violation of HTTP/1.1, and that WebDAV clients will somehow magically recognize this as indicating that the request failed due to the Depth=infinity issue and do whatever it is they should do in such a case, and furthermore, that software authors should be able to figure out this remarkable mechanism by reading RFC 2518. Yoram
Received on Wednesday, 21 April 1999 20:32:02 UTC