- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 8 Oct 2002 11:30:01 +0200
- To: "Clemm, Geoff" <gclemm@rational.com>, "'Webdav WG'" <w3c-dist-auth@w3c.org>
- Message-ID: <JIEGINCHMLABHJBIGKBCMEFIFIAA.julian.reschke@gmx.de>
RE: Interop issue: Proposal for fixing lock token provisionI agree with
Geoff.
If there's an interoperability problem, I'd like to see a precise
description, preferrably from the client implementors.
The scenario of a client having a lock token and the etag trying to PUT, and
the server rejecting the request because the lock was lost doesn't really
seem to be a case that needs special treatment. If this is happening
frequently, it's a client (wrong timeout) or server bug that needs to be
fixed. If it doesn't happen frequently, there's no reason to add special
optimzations in RFC2518bis.
Julian
--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
-----Original Message-----
From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org]On
Behalf Of Clemm, Geoff
Sent: Monday, October 07, 2002 9:18 PM
To: 'Webdav WG'
Subject: RE: Interop issue: Proposal for fixing lock token provision
From: Lisa Dusseault [mailto:lisa@xythos.com]
The proposal to require tagged-lists would not fix everything:
- The IF header, particularly with URL tagging, is very long and
can't be split up over several lines.
I'd be happy to extend the syntax of the If header to allow a ","
to separate the productions.
RFC2518 authors: was it just a blunder (:-) that "," is not
the separator, or was there some good reason why it wasn't used?
Server writers: what would your server do today if it received
multiple If headers in a single request?
- If a lock disappears, the request will fail, even if the client
wants it to succeed anyway. Round-trip required.
As indicated in my previous message, I need to see some explanation
for why clients that don't care about merge prevention are using locks
in the first place? Why aren't they just using etags?
- The client doesn't always know which locks are required
(e.g. DELETE a resource in collection with depth-0
lock). Round-trip required.
I don't see any connection between this issue and whether or
not to use a separate header. If they don't have the right
list of tokens in the new header, they will still get a failure
and the same extra round-trip is required.
Note that if we went with the proposal simply to require tagged
lists, then the untagged list production should be
'deprecated', probably by telling clients they MUST NOT use
untagged list productions. The untagged syntax becomes useless and
should eventually be removed, though servers must continue to
support the syntax as long as they want to interoperate with
pre-existing clients.
If the untagged syntax becomes useless, I'm happy to deprecate it.
I'm always happy to delete/deprecate things from the spec if they
turned out to not be useful ... that simplifies the spec, rather than
making it more complex.
I know the proposal to required tagged lists has been considered by
client developers, and it was considered inferior to the proposal
for a new header. In practice, it's the situation they currently
experience - although the specification doesn't say the client
MUST use tagged-lists, clients eventually come to that realization.
And still, after programming the client to work that way, they find
it's complicated and sometimes doesn't work in practice.
Why is it complicated to create a tagged list? And I'm not sure what
you mean by "in practice". If you mean "against existing servers",
then you certainly aren't going to fix things by adding a new header
that those servers are not expecting.
My impression from what is being reported is that clients aren't
aware they should be sending a tagged list, and some servers aren't
aware that tagged lists need to be implemented. This is simplest
to fix by making clients aware that they should be sending tagged
lists, and making servers aware that they should be implementing
tagged lists.
Client implementers aren't the largest active constituency on this
mailing list, and I'm not sure why, because I would guess they are
the largest constituency of WebDAV implementers. When we do hear a
solid consistent opinion from the client implementers, I believe it
should be taken very seriously.
For there to be demonstrable solid consistent opinions from client
implementers, we need to see it documented in the mailing list, since
that is where working group consensus is formed. If client implementers
feel this is an important issue, it is imperative that they participate
in this discussion. It's like democracy ... you don't get to complain
if you don't vote.
Cheers,
Geoff
From: Clemm, Geoff
Alternatively, we could just say:
"A client MUST submit a tagged-list If header, using the
DAV:lock-root of the lock as the tag for that lock token."
A simple rule for new clients, that will interoperate with
all correctly implemented old and new servers.
If any of the tagged-list productions fail, the resource
that is no longer locked will be indicated with a 412 in
the multistatus return, telling the client to either remove
that lock from its table, or request a new lock for that
resource.
Cheers,
Geoff
-----Original Message-----
From: Jason Crawford [mailto:nn683849@smallcue.com]
for compatibility reasons, if the client didn't provide the new submit
header, the server prudently can be expected to check the If: header
using whatever semantics that it thinks 2518 specifies regarding
token submission.
Similarly, for compatibility reasons (in addition to any correctness
reasons)
we might expect the client to continue to submit If headers. For
compatibility
reasons a production client wouldn't depend on the server checking
conditions on
resources other than ones the server thinks are pertinent, but we can
begin
to
test interoperability of that. Eventually though clients would only
submit
the If: header for correctness reasons and will feel free to do checks
on
any resource it feels is appropriate.
> d) all state productions in a If header are checked, not only those
that
> apply to "affected" resources by the operation.
Yes, Initially clients that are spamming the If: header will pay a
price
for that. But as they eventually move to the new header or stop
spamming the If: header, that price will no longer be paid.
The tact that can be taken in production systems is...
New clients can submit the new header and only the If: clauses that it
feels
it wants tested. If the LOCKED error code is returned, they can
resubmit
to check if the error is just a problem with an old server. This
means
there
will be a price for using an old server, but things will still work and
it
will be
an incentive to upgrade.
New clients can submit If: clauses for extra resources, but they will
not
be
written to be dependent on submitting extra If: clauses to achieve
correctness. Not unless they have a way to verify that the server
supports this. I don't see this as a problem since we aren't
emphasizing
this feature yet. But eventually it becomes a possibility.
New servers will know that if a client submits a new header, that it
should
process that new header. In that case it will also process *all* of
the
If: header
clauses and we can test servers to verify that they support this even
if
production clients don't exercise this feature.
If new servers receive a request that does not have the new header,
they
will fall back on whatever code they currently use for If: headers
submitting
lock tokens.
That's what productions systems could do. Testing systems and tightly
integrated systems could actually fully exercise the new features.
Received on Tuesday, 8 October 2002 05:30:07 UTC