W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2002

RE: HOW_TO_IDENTIFY_LOCK_OWNER

From: Clemm, Geoff <gclemm@rational.com>
Date: Mon, 14 Jan 2002 14:01:16 -0500
Message-ID: <3906C56A7BD1F54593344C05BD1374B103F8AE9B@SUS-MA1IT01>
To: w3c-dist-auth@w3c.org
The client should never automatically reuse a lock taken out
by another client (irrespective of whether or not it was another
client with the same authentication credentials), but should only
steal another client's lock on explicit request by the user.
So the client should present to the user the information stored
in the DAV:owner field of the lock, and the user will use that
information to decide whether he/she really wants to steal that lock.

So I agree that information about the user that took out the lock
is required, but this info is available in the DAV:owner field.
The only reason this information needs to be supplemented, is to
let the client know whether or not the user will in fact be allowed
to steal the lock (assuming that he/she wants to), and that is the
info provided by the DAV:can-lock and DAV:can-unlock privileges.

Cheers,
Geoff

-----Original Message-----
From: Daniel Brotsky [mailto:dbrotsky@adobe.com]
Sent: Monday, January 14, 2002 1:16 PM
To: Stefan Eissing
Cc: Clemm, Geoff; w3c-dist-auth@w3c.org
Subject: RE: HOW_TO_IDENTIFY_LOCK_OWNER


At 3:05 PM +0100 1/11/02, Stefan Eissing wrote:
>I see what you mean. There could be an ACL server which just has
>"group" principals and no principals with one-one relation to users
>(well it could even skip user credentials and just have credentials
>matching groups).
>
>As for identifying the owner of a lock this means one of the following:
>a) the server has a "primary" principal and could report it as lock owner.
>    It may nevertheless choose not to do so, due to confidentiality
reasons.
>b) the server has no such thing and thus cannot report who owns a lock.
>    It only can tell if your credentials are sufficient to lock/unlock
>    a resource.

But (b) misses the point of my requirement, which is that a client 
needs to be able to issue a request that says "am I the <credentialed 
id> that obtained this lock"?  The client is *not* asking an ACL 
question: can I unlock this resource; the client is asking a workflow 
question: would I be unlocking someone else's lock if I did unlock 
the resource?  It's the workflow question that's at the heart of the 
requirement.

So, Geoff, given ACL's (desirable) vagueness about "principals", and 
building on your language about "request credentials", can we alter 
the DAV spec language so that servers can return info about "is this 
request authorized with the same credentials as the lock request" and 
still be compatible with ACL?

     dan

P.S. Another way of looking at this is to say: the ACL info provides 
a way of distinguishing between principals (i.e., they have different 
capabilities), but that way of distinguishing is not required to be 
fine-grained enough to support what I claim is the "workflow 
intuition" behind DAV locking: locks are held by a particular 
<workflow user identity> and are only allowed to be used (in the 
absence of ACL or other server admin magic) by that <workflow user 
identity> regardless of token.  My requirement is that users be able 
to determine whether they are currently authenticating requests as 
the same <workflow user identity> as the request that locked the 
resource was. -d.
-- 
Daniel Brotsky, Adobe Systems
tel 408-536-4150, pager 877-704-4062
2-way pager email: <mailto:page-dbrotsky@adobe.com>
Received on Monday, 14 January 2002 14:02:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:59 GMT