W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2001

RE: Are you using lock discovery?

From: Clemm, Geoff <gclemm@rational.com>
Date: Wed, 27 Jun 2001 13:51:42 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B1018E24EC@SUS-MA1IT01>
To: WebDAV WG <w3c-dist-auth@w3.org>
I have to vigorously disagree with Jim's suggestion that it is 
ever reasonable behavior for a client to steal a lock without
first having a dialog with the user.  People work on multiple
machines, and with multiple clients on the same machine that
access the same resources (e.g. Word and the Windows Explorer).
It is just too easy to forget or not notice that you already
have a client open that is modifying a resource.  And if the
user does explicitly tell the client to go ahead and steal the
lock, it should do so by unlocking the resource, and obtaining
a new lock.  This ensures that if the original locking client is still
around, it will not overwrite the data you just uploaded.

Cheers,
Geoff


-----Original Message-----
From: Jim Whitehead [mailto:ejw@cse.ucsc.edu]
Sent: Wednesday, June 27, 2001 1:20 PM
To: WebDAV WG
Subject: RE: Are you using lock discovery?


> I'm sure Jim know this, but I'd just like to warn other client developers
> that servers are not obligated to expose the lock-token in the
> lock-discovery property.   Servers might chose not to expose the tokens so
> as to avoid the situation described in section 7.6.  Make sure
> your clients can handle a server not returning the lock token in the
lock-discovery
> property.

Well, actually, this did take me a bit by surprise. But, after re-reading
Section 13.8, Jason is right, we do allow servers to hold back some elements
of the lockdiscovery property. But, the stated rationale is access control,
not keeping clients from grabbing lock tokens.

It seems to me the root issue here is how much you trust users to remove
their own locks. For DAV Explorer, we felt the people using the tool would
likely either be doing server development, or setup of a WebDAV server. That
it why we added the protocol logging feature to the tool. While DAV Explorer
is useful enough to accomplish some day-to-day editing work, we didn't think
that would be its main use (we were somewhat surprised to see DAV Explorer
get bundled with the Merlin server:
http://www.abriasoft.com/products/product16.php :-). Since we felt our user
base would be fairly sophisticated, we were comfortable giving them the
ability to grab locks that they took out using another program (and no, I
don't think DAV Explorer prompts the user about this).  This makes it a
handy protocol exploration tool. If you want to know exactly how tool X
performs when a lock is yanked out from under it, you can use DAV Explorer
to unlock the resource.

For more mainstream *authoring* tools, I agree completely that, if the user
is granted the ability to grab a lock, they should be shown a dialog box
about the event.  As for tools like Goliath that give a filesystem-like
view, I think a good case can be made either way (prompting or no
prompting). Perhaps it should be configurable, or the dialog should have an
option to not be displayed in the future.

- Jim
Received on Wednesday, 27 June 2001 13:45:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:56 GMT