This page is an archive, possibly an out-of-date one. You’ll find newer weblog postings at So… and more about norm on his homepage.

WITW: LimitExcept

Volume 8, Issue 30; 22 Feb 2005; last modified 08 Oct 2010

Cue emotisound, *facepalm*

Leigh Dodds makes some good points about a couple of the clumsier aspects of WITW. He calls particular attention to the annoying distinction between http://norman.walsh.name/2005/02/witw/is/ndw and http://norman.walsh.name/2005/02/witw/ami/now.

I did that in order to put POST in an authentication realm while leaving GET outside one. In a brief private conversation that followed his post, Leigh pointed me to the LimitExcept directive. In particular, towards a configuration like this:

<Directory /the/real/place/where/lives/witw/>
    AllowOverride None
    Order allow,deny
    Allow from all
    Options ExecCGI
    <LimitExcept GET>
      AuthType Basic
      AuthName "WITW"
      AuthUserFile /the/real/place/where/the/data/is/passwd
      Require valid-user
    </LimitExcept>

I expect that the …/ami/now URI will soon vanish, leaving GET, POST, and perhaps even PUT all operating on the …/is URI.

With respect to his thoughts about having an identifier (a URI) for landmarks, I think Leigh is right about that too. Landmarks were an afterthought, a bit of eye candy around the heart of the service: users and their locations. After I get something working with WSDL, I'll probably go back and rethink things a bit.

Thanks, Leigh!