RE: Change to Lock-Token

Larry Masinter writes:
>If a lock-token quacks like an etag, why isn't an etag?
>
>Wouldn't it be simpler just to say "you can lock something,
>and you get back the etag of the thing you locked"?

Yaron Goland replies:
>The idea has a lot of merit, but after I posted the change, I started
>asking myself "why should Lock Tokens not be e-tags?" One problem I see
>is that there is a difference between e-tags and lock tokens. For
>example, if I have a shared or advisory lock (they are coming...), I
>want to continue testing for my lock independently of changes to the
>resource. The resource may change but my lock is still there.
>Furthermore a server may have different mechanisms for assigning lock
>tokens and e-tags.

*snip*

>All this having been said, I have to admit I am running on instinct.
>Near as I can tell, I can't come up with a compelling reason why lock
>tokens shouldn't be e-tags.

There are two reasons why entity tags should not be used as lock tokens:

1) Uniqueness. According to my reading of the HTTP 1.1 specification, an
entity tag (strong or weak) need only be unique for a given resource.  DAV
has the extra requirement that lock tokens must be unique across an HTTP
server (and perhaps even globally unique).  Lock tokens are the "key" for
DAV locks, and hence having as unique a key as possible is very desirable.
Note that DAV locks are not a substitute for strong authentication working
with an access control scheme.

2) Identity.  While a strong entity tag will correspond to the resource
when a lock is taken out on that resource, as soon as the resource is
changed its entity tag (strong for sure, weak potentially depending on the
scope of the change) will also need to change.  If intermediate results are
saved to the HTTP server before the lock is released, the lock token will
no longer correspond to the actual entity tag of the resource.

Since entity tags do not meet the uniqueness requirements of DAV, and since
they are not guaranteed to be the same throughout an editing session, using
entity tags as lock tokens is not a good idea.

- Jim

Received on Monday, 24 March 1997 13:13:27 UTC