W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2001

RE: lock-token

From: Clemm, Geoff <gclemm@rational.com>
Date: Mon, 15 Jan 2001 12:01:56 -0500
Message-ID: <3906C56A7BD1F54593344C05BD1374B101B14CE2@SUS-MA1IT01>
To: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
See RFC 2518, section 7.6.

It describes why lock tokens are needed to prevent overwrite
behavior from two or more clients that are being run by the same
authenticated user.

Cheers,
Geoff 

-----Original Message-----
From: Schlee Stefan [mailto:ssch@ticon.at]
Sent: Monday, January 15, 2001 10:04 AM
To: 'w3c-dist-auth@w3.org'
Subject: lock-token


Hello,

I hope this question is not too basic for this discussion group. I have read
the DAV spec and browsed through the mail 
archive of this mail list but did not find an answer to the following
question:

Why has the lock-token to be universaly unique?
 
Because it is a property that can be queried by any person, beeing in the
state of posessing a universaly unique token 
does not provide me with a special privileges per se. If I understood the
spec thats why you have to authenticate yourself to make use of a
lock-token.
But than, why use a token at all. Woulde'nt it suffice that the server
registers who has taken a lock on the locked ressource (for example with the
public key of the lock-owner) and require anybody who wants to perform
"critical" operations on the locked ressource to verify his/her identity.

Thanks in advance for helping me, regards

> Stefan Schlee / TI[con]
> 
> 
Received on Monday, 15 January 2001 11:54:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:55 GMT