- From: Clemm, Geoff <gclemm@rational.com>
- Date: Mon, 15 Jan 2001 12:01:56 -0500
- To: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
See RFC 2518, section 7.6. It describes why lock tokens are needed to prevent overwrite behavior from two or more clients that are being run by the same authenticated user. Cheers, Geoff -----Original Message----- From: Schlee Stefan [mailto:ssch@ticon.at] Sent: Monday, January 15, 2001 10:04 AM To: 'w3c-dist-auth@w3.org' Subject: lock-token Hello, I hope this question is not too basic for this discussion group. I have read the DAV spec and browsed through the mail archive of this mail list but did not find an answer to the following question: Why has the lock-token to be universaly unique? Because it is a property that can be queried by any person, beeing in the state of posessing a universaly unique token does not provide me with a special privileges per se. If I understood the spec thats why you have to authenticate yourself to make use of a lock-token. But than, why use a token at all. Woulde'nt it suffice that the server registers who has taken a lock on the locked ressource (for example with the public key of the lock-owner) and require anybody who wants to perform "critical" operations on the locked ressource to verify his/her identity. Thanks in advance for helping me, regards > Stefan Schlee / TI[con] > >
Received on Monday, 15 January 2001 11:54:48 UTC