W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2002

RE: Submitting lock tokens without a validity check

From: Lisa Dusseault <lisa@xythos.com>
Date: Sat, 23 Nov 2002 14:13:07 -0800
To: "'Julian Reschke'" <julian.reschke@gmx.de>, "'Clemm, Geoff'" <gclemm@rational.com>, "'Webdav WG'" <w3c-dist-auth@w3c.org>
Message-ID: <001801c2933d$80b292f0$620afea9@xythoslap>

> >
> > If a client uses "If: urlA (tokenA) (Not tokenA)" then the client
> > *not* find out that their lock is invalid.   So that's not a real
> Wow. You managed to completely puzzle me.
> I thought that was exactly the point of this kind of request.

Weird, eh?  By using the If-Not-If hack, the client asks the request to
succeed if the locktoken is invalid, or the locktoken is valid.  So the
client never finds out if the locktoken is invalid, because the
if-not-if combination never fails.

> Can you please explain again what the issue to be solved is, or point
> to
> "the" mailing list message (in the archive) that explains it?

The issue to be solved is that all the client developers who have spoken
up about the if header say that it's too hard to make interoperable.
Every time the client is tested against a new server, some operations on
locked resources fail.  Usually they fail because 
 1. the server expects to see a lock token that the client hasn't
 2. the server expects a lock token to apply to a specific URL and the
client didn't use the correct URL, 
 3. the client provides a locktoken for a URL that isn't even affected
in the request, and that lock token or URL is incorrect, or 
 4. the lock expired.

The reason why I suggested the approach of defining '*' as a wildcard
for the IF header is because 
 - it removes the need to figure out which URL to put the locktoken on
(fixing #2)
 - when multiple resources are under the same lock, and when the lock
token appears with '*', it's clear that  it applies to any resource
locked with that token (fixing #2 even more);
 - it makes it easier to include lock tokens that aren't actually
required (fixing #3 and making #1 less likely)
 - It's shorter than putting the full URL (although we may still need
comma support) (making #1 easier to achieve by including more lock
tokens before running up against length limitations)

Received on Saturday, 23 November 2002 17:13:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:26 UTC