W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2004

Re: Call for consensus on UNLOCK Request-URI being lock root

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 11 Jul 2004 12:56:57 +0200
Message-ID: <40F11CF9.6010002@gmx.de>
To: Joe Hildebrand <joe@cursive.net>
Cc: Lisa Dusseault <lisa@osafoundation.org>, WebDAV <w3c-dist-auth@w3.org>

Joe Hildebrand wrote:
> July 6 has passed.  It looks to me like we have consensus on option 1,  
> with the following reasons:
> - This is what existing implementations do
> - It's one possible way of reading 2518
> - It doesn't conflict with other decisions that have already been made
> I didn't see any objections to Lisa's proposed wording:
>     The UNLOCK method identifies a lock to remove with the lock token in
>     the Lock-Token request header.  The Request-URI MUST identify a
>     resource within the scope of the lock.

I'd prefer something that actually focuses on what the method does (the 
purpose of UNLOCK is not to identify a lock; it's to remove it), such as:

"The UNLOCK method removes the lock identified by the lock token in the 
Lock-Token request header from the resource identified by the 
Request-URI, and all other resources included in the lock. Note that the 
UNLOCK request may be submitted to any resource locked by that lock 
(even those that are locked indirectly)." 

> Then later in the error code information for UNLOCK:
>     400 (Bad Request) - No lock token was provided, or request was
>     made to a Request-URI that was not within the scope of the lock.

Here, I'd prefer that we define specific precondition codes that more 
clearly describe the problem:

"5.2 Preconditions

5.2.1 DAV:lock-token-matches precondition

The lock identified by the "Lock-Token" request header exists, and the 
resource identified by the Request-URI indeed is directly locked by the 
specified lock.

5.2.2 DAV:lock-removal-allowed precondition

As dicussed above, the principal authenticated for the UNLOCK request 
MUST be allowed to remove the identified lock (note that servers that 
support the "WebDAV Access Control Protocol" should use the 
DAV:need-privileges precondition defined in section 7.1.1 of 

> Also, it appears that we have consensus that refreshing locks should  
> work the same way, namely, that you can refresh a lock by sending a  
> LOCK request to any URI covered by the lock.


Best regards, Julian

<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Sunday, 11 July 2004 06:58:00 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:30 UTC