W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2007

Guidance for dealing with both kinds of resources created by LOCK (was Re: IETF Last Call review: changes suggested)

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Fri, 26 Jan 2007 13:58:36 -0800
Message-Id: <4BB34111-5AF4-45D1-93E3-2DC100FBFAA9@osafoundation.org>
Cc: WebDAV WG <w3c-dist-auth@w3.org>
To: Julian Reschke <julian.reschke@gmx.de>

I'm not quite sure we've dealt with the high-order question yet of  
whether to attempt to add guidance for clients dealing with servers  
that might support Lock-null resources (LNR) or locked, empty  
resources.  It's my impression that some servers have already moved  
away from LNRs to do the new locked, empty resources; other servers  
never implemented LNRs fully or never did locking.  Clients have  
probably already figured out how to work with both kinds of servers  
by now.  Julian, your opinion seems rather lukewarm or indifferent.   
Did anybody else have an opinion?

Perhaps if we run into difficulties agreeing on what guidance to  
provide we can abandon the effort.

More inline, relevant if we do try to provide guidance...

On Jan 17, 2007, at 5:18 AM, Julian Reschke wrote:

>>> It would help if there was descriptions of how clients should  
>>> perform actions portably given that MAY.  For example:
>>> - if a client locks an unmapped URL and then decides to COPY or MOVE
>>>   another resource to that name, it needs to include an  
>>> "Overwrite: T"
>>>   header in the COPY/MOVE
> It needs that with the new approach, and it seems to me it was  
> undefined with LNRs. Do we have any evidence of interoperability  
> issues here?

I don't have evidence of interoperability, but I agree the Overwrite  
header is clearly needed with the new approach, and I can't think it  
would hurt with a LNR server.  So I can't think of a drawback to  
including this as part of the guidance.

>>> - similarly, if it changes its mind and decided to not create the
>>>   resource, it needs to use DELETE instead of UNLOCK
> No, it doesn't.

In a later mail you mentioned also being able to do UNLOCK then  
DELETE.  That won't result in a success with a LNR -- the DELETE will  
fail.  OTOH, I'm not clear whether a DELETE will be allowed to  
succeed on an LNR -- it may fail and only an UNLOCK will make the LNR  
go away.  So perhaps the guidance should be:
	- attempt first to UNLOCK, expect success on either kind of server
	- then send a DELETE and ignore 404 Not Found responses

OR attempt first to DELETE, and if that fails try UNLOCK...?  This is  
the optimistic approach, particularly assuming most servers will  
eventually support the new model.

>>> - if a client wants to creat a new, empty collection and lock it,  
>>> the
>>>   client should not pipeline a MKCOL and LOCK but rather do the  
>>> MKCOL and
>>>   only send a LOCK if it succeeds.  Pipelining them can result in  
>>> the
>>>   client locking a collection that someone else created or even the
>>>   locking of something other than a collection.  (Or maybe I'm
>>>   overlooking something here...)
> I'd say that by not pipelining them the client actually increases  
> the chance of locking a collection created by somebody else. But -  
> thinking of it - why is that a problem anyway? It really doesn't  
> matter who created the collection, as long as it's there and locked  
> after the two requests, right? It's not as if *two* clients can  
> succeed in locking them.

We could add the guidance that if the client pipelines MKCOL and LOCK  
together and sees that the MKCOL failed but the LOCK succeeded, it  
needs to realize that it may have created a locked, empty resource or  
it may have locked some other client's collection -- and thus the  
client probably needs to UNLOCK or figure out what kind of resource  
it has locked before proceeding.

Received on Friday, 26 January 2007 21:58:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:41 UTC