Re: By way of example.

On 8/18/06, Eric J. Bowman <eric-MkmoNbc1SAncr/OS1auqaA@xxxxxxxxxxxxxxxx> wrote:
> >
> >In one of my implementations, our service doc is always available
> >through the same uri..
> >
> >  http://example.org/oa/service/atom/introspection
> >
> >The content of the returned document varies depending on the
> >authentication credentials of the caller.
> >
>
> My point exactly.  You have multiple resources, one for each user, sharing
> the same address with no distinction between them, which is _exactly_ why it
> is good practice to return a distinguishing Content-Location to the client.

It seems like a pretty common case that common URIs provide different
results for different users, as James observed earlier w/ the iGoogle
example.   And, it sounds like we agree that "authentication" is the
extra variable applied to the URI to form a resource "access context".

Isn't the best path here for the server to provide the right
cache-control directives to make sure that cached responses don't
"leak" across users.  If done properly, then it seems like each user
has their own logical view (or "access context") of the resources and
collision doesn't happen.

It's possible I'm missing something... I can't read and comprehend as
fast as some can write.

-- Kyle