- From: Yaron Goland <yarong@microsoft.com>
- Date: Wed, 22 Jul 1998 12:46:12 -0700
- To: "'francis@netscape.com'" <francis@netscape.com>, w3c-dist-auth@w3.org
The DAV standard provides that anyone may be allowed to discover the lock token associated with a lock, there is no required security in regards to the lock token. The security comes in terms of authentication. So I can discover your lock token and request your lock be removed. However if my access level on the server isn't sufficient to authorized me to remove your lock then my request will fail. Thus, using the current WebDAV standard, an administrator can go in, discover any lock token and request that the lock be unlocked. In addition the DAV ACL effort (there are two IDs out, one for requirements and another for protocol) is defining how you can actually set those ACLs in the first place. Today you must have an out of band mechanism to actually set the ACL that made you into an administrator. Yaron > -----Original Message----- > From: francis@netscape.com [mailto:francis@netscape.com] > Sent: Wednesday, July 22, 1998 11:09 AM > To: w3c-dist-auth@w3.org > Subject: Re: Additional WebDAV Requirements? > > > Jeffrey E. Sussna wrote: > > > The RFC states that it should be possible to remove locks. > > It says nothing about under what circumstances, or by > > whom. With respect to locking and reservations, it is > > critical that a mechanism be supported to release dangling > > locks or reservations. > > Certainly this is necessary in a product; but I don't think > it's necessary in the standard. Generally, servers come > with administrative UIs or utilities; those UIs could > provide this functionality however they desire. Come to > that, some/many DAV servers will be built around existing > document management systems; such servers could be > implemented in such a way that you could just delete the > lock in the DMS. (It wouldn't be automatic; it would > require the DAV server to consult with the DMS to verify the > lock was still valid every time it was used.) > -- > John Stracke > Software Retrophrenologist > Netscape Communications Corp. > francis@netscape.com > My opinions are my own. > >
Received on Wednesday, 22 July 1998 15:45:53 UTC