W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 23] lock discovery vs shared locks

From: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
Date: Tue, 15 Nov 2005 22:53:39 -0500
To: " webdav" <w3c-dist-auth@w3.org>
Message-ID: <OFA7E98C0D.DE4E0458-ON852570BB.000FB358-852570BB.00155DE6@us.ibm.com>
I can only repeat what I posted a few weeks ago ... a client should
never steal a lock taken out by an earlier client by re-using the
lock token of that earlier client ... it should do so by UNLOCK'ing
the resource and requesting its own lock.  That way if the original
lock owner is still alive or comes back to life, the earlier client's
attempt to use the original lock token to update the resource will fail, 
thus preventing the changes made by the later client from being 

So I object to the text in the current draft, because it encourages
clients to do the wrong thing, and encourages servers to support clients
doing the wrong thing.


w3c-dist-auth-request@w3.org wrote on 11/15/2005 09:13:51 PM:

> I'm still concerned about a possible inconsistency here.  Sorry if I'm 
> being dense, but I thought that we had a previous consensus (a long 
> time ago) that servers SHOULD provide lock tokens for all locks so that 
> if there were a client bug, a crash, a LOCK reply "lost in the mail", 
> or a need for an owner or administrator to remove somebody else's stale 
> lock.  Some text currently in the draft to that extent:
>    "Anyone can
>     find out anyone else's lock token by performing lock discovery."
> So given that implies that lock discovery can find out all lock tokens 
> (given permission), and that the lockdiscovery property is returned in 
> the LOCK response body, doesn't that mean that the lock token is 
> returned both in the LOCK response headers (Lock-Token) and body?
> Also, we had previously discussed at an interop which is the "right" 
> place to put the lock token and concluded that servers ought to put the 
> token in both places because we found during interoperability testing 
> that we had clients that looked in one place, and other clients that 
> looked in the other, so we might as well continue supporting both.
> Lisa
> On Nov 6, 2005, at 12:09 PM, Julian Reschke wrote:
> >
> > For the record,
> >
> > I don't think that the recent discussion has brought up any new points 
> > that need to be said here, so I'd like to again recommend to close the 
> > issue with the following change (as seen in 
> > <http://lists.w3.org/Archives/Public/w3c-dist-auth/2005OctDec/ 
> > 0242.html>).
> >
> > Proposed resolution for 
> > <http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=23>: [...]
> >
> > NEW:
> >    A lock token is a type of state token, represented as a URI, which
> >    identifies a particular lock.  Each lock has exactly one unique 
> >    token, which is returned upon a successful LOCK creation operation 
> > in
> >    the "Lock-Token" response header defined in Section 9.6.
> >
> >
> > Best regards, Julian
> >
Received on Wednesday, 16 November 2005 03:53:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC