- From: Dan Brotsky <dbrotsky@adobe.com>
- Date: Thu, 5 Sep 2002 09:20:15 -0700
- To: Michael Leditschke <mike@ammd.com.au>
- Cc: w3c-dist-auth@w3.org
Michael,
Just for the record, I disagree with most all of Geoff's responses here
(and in the subsequent thread), and I don't think he speaks "for the
working group" in saying that the DAV spec favors time-limited locking.
In the first place, I think client implementation (at the level, for
example, of "process") is way outside the scope of the spec.
Second, I believe that the language of the spec (as written)
intentionally doesn't say much at all about what constitutes an
"authoring client" (see section 6 on locking). I think that's
appropriate both because HTTP 1.1 is profoundly neutral about it and
because WebDAV hopes to allow a broad range of interoperable
implementations.
Third, there is a broad class of existing, interoperable
implementations (the Adobe Systems WebDAV-enabled products) which
communicate tokens among processes, persist tokens between invocations
of processes, and use LOCKDISCOVERY values (both tokens and owner
props) as a means of interoperating on the client side about authoring
responsibility. These impementations work against servers which allow
infinite-duration locks and those which don't.
FWIW, I believe that lock expiration is really tied to a usage model in
which clients actually use the server as a "remote file system," in the
sense that they may only have a non-persistent buffer locally and all
saves are done directly back to the server. This is the model that
Microsoft office clients use, for example, and they use lock timeouts
as a way of preventing lock stranding when clients crash.
The model you outlined---a local working copy is made of a locked
resource, that local copy is edited over an indefinite period of time,
that local copy is occasionally "published" to the server, and then the
server resource is unlocked after all local editing is complete---is
exactly the model used by Adobe clients. (I have been meaning for some
time to write an explanation of why Adobe uses this model; maybe this
thread will finally get me to do that. Then again, maybe not. :^)
But, in any event, it is quite natural in this model for lock tokens to
be persisted by the editing clients that are using the local copy,
because in this model all the editing state (including the lock token
and owner information) is local-disk-specific not process-specific.
Finally, I'm not really sure why Geoff says that delta-V is
specifically better suited than "plain" DAV for use by clients who use
long-term locks. Versioning servers are arguably a better choice than
non-versioning servers for almost all collaborative authoring
applications, delta-V is (of course) a DAV extension, and in fact
delta-V specifically provides for backward compatibility around DAV
locking for non-delta-V clients who wish to get the benefits of
versioning. So I really don't think lock (or checkout) duration has
much to do with the difference between delta-V and DAV.
dan
On Wednesday, September 4, 2002, at 07:28 PM, Clemm, Geoff wrote:
>
> From: Michael Leditschke [mailto:mike@ammd.com.au]
>
> DAV locks are
> supposed to be capable of being held for an extended time.
>
> Only by the process that took out the lock.
>
> I might
> want to lock a resource, edit it for a while locally, then push the
> result back and unlock it again. Are you suggesting this all has
> to be done by the same OS process?
>
> Yes.
>
> What happens if the power goes out and my PC reboots?
>
> The new process needs to obtain its own (new) lock. The old
> lock is cleaned up by a timeout, or if allowed by the server,
> the new process can clean up the old lock with an UNLOCK.
> The new process shouldn't "reuse" the old lock, unless you have
> some way of guaranteeing that two processes cannot both reuse the
> old lock at the same time.
>
> Or perhaps you expect the client to cache locktokens?
>
> Only if the cache has some way of guaranteeing that only one
> process can obtain the cached locktoken.
>
> In my case, it is the same client I'm using to lock and unlock and
> I'm presenting the same credentials to the server. Its a low
> level test program, so I would have thought being able to unlock
> a resource of which I am the owner would be reasonable.
>
> Unlocking is reasonable (unlike "reusing", which is not), but some
> servers do not trust clients to appropriately unlock something they
> didn't lock (since the client can't automatically know that it is
> appropriate to do so, and even if it asks the user, the user can be
> mistaken). Those servers require clients to depend on timeouts.
>
> Cheers,
> Geoff
>
Received on Thursday, 5 September 2002 12:22:24 UTC