W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2001

RE: rfc2818 issue: UNLOCK_BY_NON_LOCK_OWNER

From: Jason Crawford <ccjason@us.ibm.com>
Date: Mon, 23 Jul 2001 13:32:01 -0400
To: WebDAV <w3c-dist-auth@w3.org>
Message-ID: <OFCB2CBBE7.3A20BF22-ON85256A92.006041B1@pok.ibm.com>


<<
I agree with Lisa that who can unlock a resource should be an
access control issue (exposable and controllable through the
access control protocol), and not something hard-wired into the
locking protocol.
>>
Lisa, Geoff and Tim have all agreed along these lines and noone has
disagreed.  My next question is...  What should 2518 say then?  Nothing and
leave a void?  Explicitly delegate to the ACL spec?

The only suggestion so far is...

<<
I would extend this statement to say that this applies to any
use of a lock token on a resource, not just to who can use it
for UNLOCK.  So I would remove the "only by owner" language in
2518, which states that only the "owner" of a lock token can use it,
and replace it with "only a client with sufficient privileges".
>>

Is this the change to 2518 that we want?  Any other suggestions?  Let's
hear from you?

J.


------------------------------------------
Phone: 914-784-7569,   ccjason@us.ibm.com
Received on Monday, 23 July 2001 13:51:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:56 GMT