I've finally been able to do some work on this, and am close to sending
out a new version. Before I do, however, I'd like to know if there are any
outstanding issues people have had with it. I've gone through my old mail and
have a start on some things:
* Usefulness of notification depth choices
* Access control
* SHIM header issues with both SubID and Collection headers
* Item retrieval on collection nodes
I've covered access control with by using the collection's access model
and adding a note to "Security Considerations" saying it could be a bad thing
to allow, for instance, open access on a collection node which has closed or
authorize children (but this can also be a useful thing, too).
I'm on the fence about SHIM headers. I think we need a new one because
of the limitations of the schema, or perhaps we should omit the "Collection"
header when SubIDs are extant because it's redundant in that case.
Item retrieval is tricky. I think it's a highly valuable thing for both
client simplicity and access control. It's good to be able to say "if you can
get a notification about it, you can retrieve it in the same way you subscribed
to it." However, the existing schema for item retrieval allows only one
<items/> element in the query response. If we could allow more than one then it
becomes fairly simple.
Thoughts? Other issues? Let me know.
-bjc
