W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: Question for implementors: definition of Lock with bindings

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 16 Dec 2005 21:48:40 +0100
Message-ID: <43A32828.6000301@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Eric Sedlar <eric.sedlar@oracle.com>, greg stein <gstein@lyra.org>, Helge Hess <helge.hess@opengroupware.org>, Barry Lind <blind@xythos.com>, WebDav WG <w3c-dist-auth@w3.org>, Larry Masinter <LMM@acm.org>, Dan Brotsky <dbrotsky@adobe.com>, Chris Sharp <csharp@apple.com>, Jim Luther <luther.j@apple.com>, Stanley Guan <stanley.guan@oracle.com>, Kevin Wiggen <kwiggen@xythos.com>

Lisa Dusseault wrote:
> In the current proposed model of locking and binding (GULP -- several 
> emails recently with pointers), it's defined that a lock covers the 

Rather then letting people search for these messages, why not include a 


> binding that the LOCK request that was sent to and the resource that the 
> binding maps to.

Actually, the URL, not the binding:

" - If a request causes a directly locked resource to no longer be
     mapped to the lock-root of that lock, then the request MUST
     fail unless the lock-token for that lock is submitted in the
     request.  If the request succeeds, then that lock MUST have been
     deleted by that request."

> Another possible definition of the scope of a lock could be that the 
> lock would cover the resource that the binding maps to and ALL bindings.

Previously discussed in 

> One consequence of choosing between these two models is the cases in 
> which DELETE of a locked resource requires the lock token.  According to 
> the first definition, DELETE requires a lock token only if the locked 
> binding is addressed; all other bindings can be removed without needing 
> a lock token.  According to the second definition, DELETE of a locked 
> resource always requires the lock token.
> Please answer with your model preference and reasoning so that we can 
> close this issue.  We'd particularly like to know if this affects an 
> implementation -- an implementation that supports BIND, or has custom 
> bindings through file system links (mod_dav?), or could otherwise be 
> affected.

The effect of requiring all URLs to be protected by the lock are:

- more complexity in server
- loss of symmetry (why is it possible to add a binding without having 
the lock token, but not to remove the same binding later?)
- questionable client semantics (exactly why would a client care?? 
please provide a use case that justifies the additional requirements).

Best regards, Julian
Received on Friday, 16 December 2005 20:50:14 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:34 UTC