W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2000

RE: RFC-2518 LOCK-TOKEN: header

From: <jamsden@us.ibm.com>
Date: Sat, 29 Jan 2000 18:14:07 -0500
To: w3c-dist-auth@w3.org
Message-ID: <85256877.003BD702.00@d54mta03.raleigh.ibm.com>


The current locking semantics allow multiple clients operating under the
same principal the flexibility of using the same lock tokens. This assumes
a single principal is more aware of their concurrent clients than say a
distributed work group. It does not however allow any other principal to
reuse the lock tokens. So although I agree with Geoff that locking and
access control are orthogonal issues, requiring principal+lock token is
useful, and not at odds with access control. Locks are an access control
mechanism no matter how one looks at them. They temporarily remove write
access to anyone not owning the lock. This seems quite reasonable and
doesn't necessarily have anything to do with ACLs. I guess I fail to see
the confusion.

Recall that the source of this issue is that the DAV:activelock element
does not contain the principal owning the lock. So there is no way for a
user to obtain the lock tokens they own through the DAV:lockdiscovery
property . I think this needs to be fixed. Otherwise, the semantics of
locking, with respect to  what is submitted for access, seem fine.
Received on Monday, 31 January 2000 06:30:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:53 GMT