- From: Jim Amsden <jamsden@us.ibm.com>
- Date: Mon, 15 Jan 2001 14:11:53 -0500
- To: w3c-dist-auth@w3c.org
Schlee,
Section 7 of RFC2518 describes the locking semantics and provides
motivation for both lock tokens, and why they need to be unique. Briefly,
lock tokens need to be unique so that there is never a chance of applying a
lock token to the wrong resource. The reason the principal id isn't
sufficient is that the same principal may have multiple concurrent
processes running at the same time. Lock tokens provide a way of managing
concurrent updates for the same user in these situations.
Schlee Stefan
<ssch@ticon.at> To: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
Sent by: cc:
w3c-dist-auth-requ Subject: lock-token
est@w3.org
01/15/2001 10:03
AM
Hello,
I hope this question is not too basic for this discussion group. I have
read
the DAV spec and browsed through the mail
archive of this mail list but did not find an answer to the following
question:
Why has the lock-token to be universaly unique?
Because it is a property that can be queried by any person, beeing in the
state of posessing a universaly unique token
does not provide me with a special privileges per se. If I understood the
spec thats why you have to authenticate yourself to make use of a
lock-token.
But than, why use a token at all. Woulde'nt it suffice that the server
registers who has taken a lock on the locked ressource (for example with
the
public key of the lock-owner) and require anybody who wants to perform
"critical" operations on the locked ressource to verify his/her identity.
Thanks in advance for helping me, regards
> Stefan Schlee / TI[con]
>
>
Received on Monday, 15 January 2001 14:08:33 UTC