W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2006

LNRs (lock null resources) in RFC2518bis

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 09 Jan 2006 22:39:22 +0100
Message-ID: <43C2D80A.4020002@gmx.de>
To: WebDAV <w3c-dist-auth@w3.org>


this is an attempt to summarize the current status regarding RFC2518bis' 
deprecation of lock-null resources, and what's IMHO left to do.


In RFC2518, applying LOCK to an unmapped URL creates a so-called Lock 
Null Resource (LNR), which reserves the URL, but doesn't create a 
full-blown resource. Subsequently applying PUT or MKCOL transforms the 
LNR into a locked resource or collection. Not doing so causes the LNR to 
disappear after the associated lock expires.

Experience has shown that LNRs have made server implementations much 
more complicated, and many servers never have implemented them correctly 
(for instance, IIS). Furthermore (as as far as I can tell), there's 
little evidence of real-world clients that actually require LNRs to work 
as defined by RFC2518 (there may have been one response suggesting 
otherwise that I currently can't locate; maybe this was from Apple??)

Consensus points:

I think there's broad consensus that we want allow servers to implement 
a simpler model, and clients to require to interoperate with these 
simplified servers.

The stripped-down requirements are:

R1) A successful LOCK applied to an unmapped URL creates an empty, 
locked, regular resource (called ELR from here).

And that's it. No additional requirements.

We have disagreement on:

1) Are servers still allowed to implement the old model?

2) If so, how do we express this in the spec?

To make progress on these remaining questions, let's have a look at the 
additional requirements of LNRs over ELRs:

R2) Live properties and collection containment reflect the LNR status of 
the resource (see 
<http://greenbytes.de/tech/webdav/rfc2518.html#rfc.section.7.4> and 
for details).

R3) The LNR can be converted into an ELR by applying PUT or MKCOL.

R4) If it isn't, it disappears.

Let' assume for a moment that we continue to allow servers to implement 
LNRs. What would be the impact for clients that expect the simplified 

I1) The resource may go away when the client lets the lock expire: this 
is an edge condition. If a client really handles this case, it will have 
to do a subsequent DELETE, and getting a 404 upon that one would be 
completely harmless.

I2) Clients may be confused by some specifics of PROPFIND on the parent 
(member not listed) or on the resource itself (some live properties 
missing), but this will be completely harmless as long as the client 
sends a PUT after the LOCK, which is the likely use case anyway.

So to me it seems that allowing servers to continue to support the old 
model is harmless.

Current draft (10):

The current draft says that servers MUST support either ELRs or LNRs, 
and that they SHOULD implement ELRs 
It also says that servers implementing LNRs are not compliant to this 
spec, which I think is a spec bug (see 
It also requires servers (MUST level) to accept a Content-Type request 
header upon PUT, which is a totally new requirement, and really has 
nothing to do with the whole issue (see 

I think this needs to be improved. Suggestion:

- Make only those aspects of ELRs required that are actually relevant to 
the client, meaning that a subsequent PUT with the correct If header 
leads to a regular locked resource being created.

- Suggest that implementing ELRs is the simplest way to achieve these 

- Thus allow servers to continue implementing LNRs; clients that really 
care can discover the type of resource being created by doing a 
subsequent PROPFIND on the LOCKed URL.

That's it.

Feedback appreciated,

Received on Monday, 9 January 2006 21:41:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:35 UTC