W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2001


From: Jason Crawford <ccjason@us.ibm.com>
Date: Mon, 23 Jul 2001 13:32:01 -0400
To: WebDAV <w3c-dist-auth@w3.org>
Message-ID: <OFCB2CBBE7.3A20BF22-ON85256A92.006041B1@pok.ibm.com>

I agree with Lisa that who can unlock a resource should be an
access control issue (exposable and controllable through the
access control protocol), and not something hard-wired into the
locking protocol.
Lisa, Geoff and Tim have all agreed along these lines and noone has
disagreed.  My next question is...  What should 2518 say then?  Nothing and
leave a void?  Explicitly delegate to the ACL spec?

The only suggestion so far is...

I would extend this statement to say that this applies to any
use of a lock token on a resource, not just to who can use it
for UNLOCK.  So I would remove the "only by owner" language in
2518, which states that only the "owner" of a lock token can use it,
and replace it with "only a client with sufficient privileges".

Is this the change to 2518 that we want?  Any other suggestions?  Let's
hear from you?


Phone: 914-784-7569,   ccjason@us.ibm.com
Received on Monday, 23 July 2001 13:51:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:23 UTC