- From: Jason Crawford <ccjason@us.ibm.com>
- Date: Mon, 23 Jul 2001 13:32:01 -0400
- To: WebDAV <w3c-dist-auth@w3.org>
<< I agree with Lisa that who can unlock a resource should be an access control issue (exposable and controllable through the access control protocol), and not something hard-wired into the locking protocol. >> Lisa, Geoff and Tim have all agreed along these lines and noone has disagreed. My next question is... What should 2518 say then? Nothing and leave a void? Explicitly delegate to the ACL spec? The only suggestion so far is... << I would extend this statement to say that this applies to any use of a lock token on a resource, not just to who can use it for UNLOCK. So I would remove the "only by owner" language in 2518, which states that only the "owner" of a lock token can use it, and replace it with "only a client with sufficient privileges". >> Is this the change to 2518 that we want? Any other suggestions? Let's hear from you? J. ------------------------------------------ Phone: 914-784-7569, ccjason@us.ibm.com
Received on Monday, 23 July 2001 13:51:19 UTC