RE: rfc2818 issue: UNLOCK_BY_NON_LOCK_OWNER

<<
I agree with Lisa that who can unlock a resource should be an
access control issue (exposable and controllable through the
access control protocol), and not something hard-wired into the
locking protocol.
>>
Lisa, Geoff and Tim have all agreed along these lines and noone has
disagreed.  My next question is...  What should 2518 say then?  Nothing and
leave a void?  Explicitly delegate to the ACL spec?

The only suggestion so far is...

<<
I would extend this statement to say that this applies to any
use of a lock token on a resource, not just to who can use it
for UNLOCK.  So I would remove the "only by owner" language in
2518, which states that only the "owner" of a lock token can use it,
and replace it with "only a client with sufficient privileges".
>>

Is this the change to 2518 that we want?  Any other suggestions?  Let's
hear from you?

J.


------------------------------------------
Phone: 914-784-7569,   ccjason@us.ibm.com

Received on Monday, 23 July 2001 13:51:19 UTC