[foaf-dev] for more information please log in
Danny Ayers
danny.ayers at gmail.com
Sun Jan 13 21:47:53 GMT 2008
On 13/01/2008, Lukas Rosenstock <lukas.rosenstock at identity20.eu> wrote:
> Hello!
> It's not FOAF-specific, it could be applied to, let's say RSS-feeds of an
> online journal that has private postings, too. HTTP Basic Authorization or
> OAuth could be used for this, but the only way the client knows that he can
> authorize for this document is sending a "401". There should be something in
> HTTP, a header that states "additional content available on authorization".
> Any thoughts on this?
The usual authentication headers do only seem to offer all or nothing
alternatives. But the issue does seem to be about content negotiation
between multiple alternatives - does anyone happen to know typical
client/server behaviour on
300 Multiple Choices?
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1
Re. when to use different URIs and when to use conneg: in principle, I
think I'd put the line a lot more over towards conneg than timbl
seemed to suggest. Ok, information about a resource and information
that represents a resource is different, and a distinction is
desirable. But (orthogonal to httpRange-14) the information provided
in say a HTML and a JPEG representation of a resource may have little
or no intersection, yet they may both be legitimate representations of
that resource.
I say in principle - conneg does seem to take extra effort in most
tools compared with serving stuff at different URIs (e.g. with
different filename extensions, bleah) so pragmatically to get good
data published generally it probably is better to lean this way - as
long as equivalence etc. is described somewhere. Which goes back to
Henry's point -
<public> a PersonalProfileDocument;
primaryTopic <#me> ;
http-auth:authorization http-auth:authorization#None .
<private> a PersonalProfileDocument;
primaryTopic <#me> ;
http-auth:authorization http-auth:authorization#Digest .
Or is that too close to the auth implementation? Might it be better like:
<private> a PersonalProfileDocument;
primaryTopic <#me> ;
auth:authorized <(members of groupX)> .
- closer to the W3C ACL stuff??
http://www.w3.org/2001/04/20-ACLs.html
Cheers,
Danny.
--
http://dannyayers.com
More information about the foaf-dev
mailing list