Re: One lock per resource per person? from Greg Stein on 1999-10-27 (w3c-dist-auth@w3.org from October to December 1999)

From: Greg Stein <gstein@lyra.org>
Date: Wed, 27 Oct 1999 14:18:38 -0700 (PDT)
To: jamsden@us.ibm.com
cc: w3c-dist-auth@w3.org
Message-ID: <Pine.LNX.4.10.9910271409530.25216-100000@nebula.lyra.org>

On Wed, 27 Oct 1999 jamsden@us.ibm.com wrote:
> What this implies is that a principal is really some unit of concurrent
> processing. That's the only way update conflicts can occur anyway. However,
> WebDAV specifies the principal as a (potentially) authenticated user agent,
> which is not generally a process. Of course it could be, but this is
> outside the scope of WebDAV. The current locking semantics leaves the
> responsibility of managing current processing by the same principle with
> the principle, not the protocol and server. The principle can use lock
> tokens to distinguish applications that got the token by locking vs. some
> other out-of-band means. The management of this is, and should be, outside
> the scope of WebDAV.

I think you're using semantics as an excuse here. I do not read the same
behavior from the spec (I see the same principle as being able to get
multiple, shared locks); therefore, I think you're stating it [as above] 
solely in a way to support your hypotheses.

> I would suggest that Gregs example would be better
> handled by the principal wanting to distinguish locks by application A and
> B using two different authentication aliases.

NO. As a user, I am assigned a *single* authentication alias on the
server. In an NT environment, it is my domain\username; in a Kerberos
environment, it is my login user/ticket; etc. There is no easy way for the
user to just "well, I'll use a second alias to differentiate these." That
is out of the user's scope and reliant upon the network/security
administrator. I *really* don't think the admin is about to say "well,
let's see... they're going to use up to three apps simultaneously against
our DAV server, so I guess that I'll create three users for this person;
oh wait, but what if they want to run four apps? I guess that I tell the
person they can't do that." The admin isn't going to do this for any
number of reasons.

And the user? There is no way they're going to go through a separate
authentication processes with the server simply to use more than one app
at a time. As a user, one of the best things that I like about Windows is
that it automatically supplies my credentials to servers -- that I only
have to supply them once. In the Unix world, I'm starting to change over
to ssh to get similar functionality, but still..

Cheers,
-g

--
Greg Stein, http://www.lyra.org/

Received on Wednesday, 27 October 1999 17:18:58 UTC