RE: Issue: UNLOCK_WHAT_URL

y

On Mon, 8 Jul 2002, Clemm, Geoff wrote:

> 
> I agree that an UNLOCK on a resource not locked by the
> specified lock token MUST fail.
> 
> Cheers,
> Geoff
> 
> -----Original Message-----
> From: Jason Crawford [mailto:ccjason@us.ibm.com]
> Sent: Monday, July 08, 2002 3:10 PM
> To: Julian Reschke
> Cc: w3c-dist-auth@w3.org
> Subject: Issue: UNLOCK_WHAT_URL
> 
> 
> I've changed the issue name to the one on the issue list that seems more
> appropriate. See new Subject: line.
> 
> > So do we have agreement that *any* of the URIs affected by a deep lock can
> > be used to do the UNLOCK operation?
> 
> 
> The other question of that issue is... do we agree that if you request an
> UNLOCK
> on a resource that is not locked by that lock, that the request should fail?
> 
> 
> I believe in previous discussions it was suggested that we should not allow
> one
> to specify a URL other than one that is locked by the lock. The reasoning
> was
> that in a virtual website where the URI space might be partitioned and
> delegated 
> across several machines (perhaps using intermachine BIND requests), it might
> be 
> burdensome for all machines of the virtual website to be familiar with all
> locks.
> 
> Anyway, regardless of folks believing this, I'd like to confirm that UNLOCK
> requests
> specifying a request URI of an unlocked resource should be rejected.
> 
> Opinions?
> 
> J.
> 
> 
> ------------------------------------------
> Phone: 914-784-7569, ccjason@us.ibm.com
> 
> "Julian Reschke" <julian.reschke@gmx.de>
> 
> 
> 
> 
> 
> "Julian Reschke" <julian.reschke@gmx.de>
> Sent by: w3c-dist-auth-request@w3.org 
> 07/08/2002 07:24 AM
> 
> To: <w3c-dist-auth@w3.org>
> cc: 
> Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER
> 
> 
> 
> 
> > To: Daniel Brotsky <dbrotsky@adobe.com>
> > Cc: "Clemm, Geoff" <gclemm@Rational.Com>, w3c-dist-auth@w3c.org
> > Message-ID: <OF7C4220CB.830F87EE-ON85256B41.006F0EFA@pok.ibm.com>
> > From: "Jason Crawford" <ccjason@us.ibm.com>
> > Date: Mon, 14 Jan 2002 15:19:50 -0500
> > Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER
> >
> >
> > > In addition to Geoff's answer:
> > > If you are an administrator trying to unlock a resource obtained by
> > > someone else, you have to be able to figure out which resource to
> > > unlock. You can't unlock an internal member of a collection that's
> > > locked by a depth-inifinity lock without knowing which collection was
> > > actually locked.
> >
> > CAN'T?
> 
> (going back to an old discussion...)
> 
> RFC2518, 8.11 says [1]:
> 
> "The UNLOCK method removes the lock identified by the lock token in the
> Lock-Token request header from the Request-URI, and all other resources
> included in the lock. If all resources which have been locked under the
> submitted lock token can not be unlocked then the UNLOCK request MUST fail.
> "
> 
> So do we have agreement that *any* of the URIs affected by a deep lock can
> be used to do the UNLOCK operation?
> 
> 
> [1] <http://greenbytes.de/tech/webdav/rfc2518.html#METHOD_UNLOCK>
> 
> 

Received on Monday, 8 July 2002 16:44:34 UTC