W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: Combined set of issues around lock tokens, examples, schemes

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 22 Oct 2005 20:53:18 +0200
Message-ID: <435A8A9E.5060300@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: WebDav WG <w3c-dist-auth@w3.org>

Lisa Dusseault wrote:
> There are several issues that intersect around lock token requirements 
> and examples.
>  - Some examples use the "locktoken" scheme which is defined nowhere

Correct. The spec shouldn't do that.

>  - The examples that use strings like "locktoken:a-lock-token" could be 
> converted to "opaquelocktoken:a-lock-token" but then that would be an 
> example of an invalid URI according to the rules of the 
> "opaquelocktoken" scheme and we generally want to provide "best 
> practices" examples (note, however, at the slight expense of readability)


>  - In the meantime, RFC4122 appeared and makes it unnecessary for WebDAV 
> to define how to do a UUID -- and we noticed that it defines a scheme as 
> well (urn:uuid:)

That's a change that's already in -- draft 07 doesn't specify how to 
generate UUIDs anymore.

Section 6.4 

In order to guarantee uniqueness across all resources for all time a 
server MAY use the Universal Unique Identifier (UUID) [9] mechanism to 
generate a lock token:


The 'opaquelocktoken' URI scheme extends the UUID mechanism slightly 
while still guaranteeing the lock token to be unique across all 
resources for all time. With the 'opaquelocktoken' scheme, the server 
MAY reuse a UUID with extension characters added. If the server does 
this then the algorithm generating the extensions MUST guarantee that 
the same extension will never be used twice with the associated UUID.

OpaqueLockToken-URI = "opaquelocktoken:" UUID [Extension] ; The UUID 
production is the string representation of a UUID. Note that white space 
(LWS) is not allowed between elements of this production.

Extension = path ; path is defined in section 3.3 of RFC2396 [5]

Besides fixing the obvious editorial problems here (ABNF examples and 
spec in the same paragraph), I don't see why we need to take out even more.

> What about resolving these by getting rid of the opaquelocktoken 
> scheme?  The specification requirements would still make it legal to use 
> any legal URI that was unique, so existing servers using 
> "opaquelocktoken" would not be made non-compliant by this change.  It 
> would simplify the spec by relying more on RFC4122 and defining one 
> fewer new scheme and a bit of syntax associated with that scheme.

The "opaquelocktoken" scheme is defined in RFC2518. Existing servers use 
it and are unlikely to stop using it (unless there's a replacement that 
provides exactly the same sematics). If RFC2518bis is going to 
"obsolete" RFC2518, I think it needs to keep the scheme declaration. On 
the other hand, if it doesn't keep it, I'll probably submit that as a 
separate spec.

Again: if it ain't broke don't fix it. I don't see any benefit in 
removing it, but lots of additional work and confusion if we do.

> In summary a recommended (but not the only) form for lock tokens would 
> be a UID in RFC4122 format, for example:
>   "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6"

It just happens to be a simple URN scheme that fulfills the requirements 
for lock tokens. RFC2518 always allowed different schemes, and we should 
not make the impression that this changed.

> This seemed to make sense to Julian, Jim, Geoff and myself on the call 
> today, so if we missed anything, or anybody has objections, please raise 
> them.

+1 on having valid lock tokens in examples
+1 on using urn:uuid URIs to do that
+1 on simplifying the definition of "opaquelocktoken" by simply 
referring to the UUID generation instructions in RFC4122 (already done 
in draft 07)
-1 on removing the definition of "opaquelocktoken"

Best regards, Julian
Received on Saturday, 22 October 2005 18:53:41 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC