W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 23] lock discovery vs shared locks

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 29 Oct 2005 10:43:39 +0200
Message-ID: <4363363B.9030606@gmx.de>
To: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
CC: Lisa Dusseault <lisa@osafoundation.org>, w3c-dist-auth@w3.org

Geoffrey M Clemm wrote:
> 
> The last sentence is incorrect.  A lock token appears in a PROPFIND
> lockdiscovery only if the server wishes to expose it.  I have argued
> in the past that a sensible server should never expose a lock token in a
> PROPFIND lockdiscovery, since it just allows a client of a user
> to incorrectly re-use a lock token still in use by another client
> of that user.  So if we say anything, it should "A server SHOULD NOT
> include a lock token in a PROPFIND lockdiscovery, since it introduces
> the possibility of two clients of a given user overwriting each others
> changes".

Here I'll disagree with Geoff :-)

"lock stealing" is further controlled (or can be controlled) by checking 
the principal as well.

I *do* agree that it makes sense to have one coherent section that gives 
advice on how not to reveal lock tokens. For instance, servers are 
allowed to report the locks, but not to disclose the lock tokens (see 
<http://greenbytes.de/tech/webdav/rfc2518.html#rfc.section.12.1>).

Best regards, Julian
Received on Saturday, 29 October 2005 08:44:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:11 GMT