W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2001

RE: lock-token

From: Clemm, Geoff <gclemm@rational.com>
Date: Mon, 15 Jan 2001 12:01:56 -0500
Message-ID: <3906C56A7BD1F54593344C05BD1374B101B14CE2@SUS-MA1IT01>
To: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
See RFC 2518, section 7.6.

It describes why lock tokens are needed to prevent overwrite
behavior from two or more clients that are being run by the same
authenticated user.


-----Original Message-----
From: Schlee Stefan [mailto:ssch@ticon.at]
Sent: Monday, January 15, 2001 10:04 AM
To: 'w3c-dist-auth@w3.org'
Subject: lock-token


I hope this question is not too basic for this discussion group. I have read
the DAV spec and browsed through the mail 
archive of this mail list but did not find an answer to the following

Why has the lock-token to be universaly unique?
Because it is a property that can be queried by any person, beeing in the
state of posessing a universaly unique token 
does not provide me with a special privileges per se. If I understood the
spec thats why you have to authenticate yourself to make use of a
But than, why use a token at all. Woulde'nt it suffice that the server
registers who has taken a lock on the locked ressource (for example with the
public key of the lock-owner) and require anybody who wants to perform
"critical" operations on the locked ressource to verify his/her identity.

Thanks in advance for helping me, regards

> Stefan Schlee / TI[con]
Received on Monday, 15 January 2001 11:54:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:21 UTC