W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2007

Re: IETF Last Call review: changes suggested

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 17 Jan 2007 14:18:03 +0100
Message-ID: <45AE220B.10006@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: WebDAV WG <w3c-dist-auth@w3.org>

Lisa Dusseault schrieb:
> 
> I received the following comments from an outside reviewer:
> 
>> The text should not state a MUST requirement (section 7.3, paragraph 
>> 3) and then later revoke that requirement by permiting servers to 
>> implement the original behavior.  It seems that locking an unmapped 
>> URL MAY (or SHOULD, but not MUST) result in the creation of a 
>> non-collection result with empty content, but that regardless the 
>> indicated URL MUST be locked.
> 
> I'm fine with making this change if others agree.  I could argue that 
> any server claiming compliance with "bis" can be required to implement 
> the new locking behavior and we don't need to make the old behavior a 
> specific option, but I think it's also reasonable to make the old 
> behavior a specific option.

The trick thing here is that the current draft tries to allow two 
different approaches, with a slight preference to the new, simpler 
approach. However, the BCP14 terminology doesn't capture that correctly.

A simple fix would be just to allow one behavior (the new one), but that 
would make some existing servers non-compliant, and my recollection was 
that we didn't want that (and I still think this is the right decision).

Basically, Lock-Null-Resources (LNRs) work fine, but their specific 
behavior is non-trivial and in some cases is extremely hard or 
impossible to implement, while providing little additional value to clients.

>> It would help if there was descriptions of how clients should perform 
>> actions portably given that MAY.  For example:
>> - if a client locks an unmapped URL and then decides to COPY or MOVE
>>   another resource to that name, it needs to include an "Overwrite: T"
>>   header in the COPY/MOVE

It needs that with the new approach, and it seems to me it was undefined 
with LNRs. Do we have any evidence of interoperability issues here?

>> - similarly, if it changes its mind and decided to not create the
>>   resource, it needs to use DELETE instead of UNLOCK

No, it doesn't.

>> - if a client wants to creat a new, empty collection and lock it, the
>>   client should not pipeline a MKCOL and LOCK but rather do the MKCOL and
>>   only send a LOCK if it succeeds.  Pipelining them can result in the
>>   client locking a collection that someone else created or even the
>>   locking of something other than a collection.  (Or maybe I'm
>>   overlooking something here...)

I'd say that by not pipelining them the client actually increases the 
chance of locking a collection created by somebody else. But - thinking 
of it - why is that a problem anyway? It really doesn't matter who 
created the collection, as long as it's there and locked after the two 
requests, right? It's not as if *two* clients can succeed in locking them.

> I agree with the reviewer that this would be useful guidance to client 
> implementors, and propose to add a subsection to Appendix D (Lock-Null 
> resources) that is non-normative.

I'm not opposed to adding something here, but first we need to agree 
here what that is...

Best regards, Julian
Received on Wednesday, 17 January 2007 13:18:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT