W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2003

RE: Finding out who locked a resource

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 8 Feb 2003 21:13:06 +0100
To: "Lisa Dusseault" <lisa@xythos.com>, "Webdav WG" <w3c-dist-auth@w3c.org>
Message-ID: <JIEGINCHMLABHJBIGKBCMEOAGGAA.julian.reschke@gmx.de>

> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Lisa Dusseault
> Sent: Saturday, February 08, 2003 8:42 PM
> To: Webdav WG
> Subject: Finding out who locked a resource
> One of the things that 2518 didn't try to do, because it had to finish
> in finite time, was to specify exactly how a lock owner is shown. One of
> the problems was there was no way to identify users.
> Now that Access control exists, there is a way to identify users, and
> the problem can be solved much more nicely.  I suggest we add an element
> "principal-URL" to the lock properties. The element is defined in the
> Access control specification, but it would appear inside the "lockinfo"
> element as part of the "lockdiscovery" property.  This wouldn't
> interfere with the "owner" element, which already is used by some
> clients.
> My approach would be to add this to access control, since that will
> probably get this useful element standardized sooner.  "A server MUST
> include the principal-URL element inside the lockinfo element of a
> lockdiscovery property value, if the LOCK request that created the lock
> successfully authenticated as a known principal."


Are there any security concerns here? The DAV:owner live property is a MUST
property as well, so this doesn't seem to be an issue.


<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Saturday, 8 February 2003 15:14:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:28 UTC