
Re: AD Evaluation of draft-ietf-atompub-protocol-11




Elliotte Harold wrote:
Also we'd experienced this as an interoperability problem in WebDAV interoperability tests where some server implementors insisted that certain WebDAV clients were completely broken in not supporting cookies.

That's because WebDAV violates the HTTP architecture six ways to Sunday, and tries to pretend the Web is just a funny kind of LAN.

WebDAV's architectural choices are completely unrelated to this point. Deployment experience with WebDAV servers showed that hitting the auth database with every request was expensive, so they used cookies as tokens, just like everyone else. This is foolish when using Digest, because there's an "opaque" parameter that the client has to pass back to the server. I can see why people do it with Basic, though.

> APP is based on HTTP and REST. In accordance with this architecture, there are no sessions to maintain.

HTTP authentication is stateful, too.

-Rob