RE: Finding out who locked a resource

> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Lisa Dusseault
> Sent: Saturday, February 08, 2003 8:42 PM
> To: Webdav WG
> Subject: Finding out who locked a resource
>
>
>
>
> One of the things that 2518 didn't try to do, because it had to finish
> in finite time, was to specify exactly how a lock owner is shown. One of
> the problems was there was no way to identify users.
>
> Now that Access control exists, there is a way to identify users, and
> the problem can be solved much more nicely.  I suggest we add an element
> "principal-URL" to the lock properties. The element is defined in the
> Access control specification, but it would appear inside the "lockinfo"
> element as part of the "lockdiscovery" property.  This wouldn't
> interfere with the "owner" element, which already is used by some
> clients.
>
> My approach would be to add this to access control, since that will
> probably get this useful element standardized sooner.  "A server MUST
> include the principal-URL element inside the lockinfo element of a
> lockdiscovery property value, if the LOCK request that created the lock
> successfully authenticated as a known principal."

Agreed.

Are there any security concerns here? The DAV:owner live property is a MUST
property as well, so this doesn't seem to be an issue.

Julian

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Saturday, 8 February 2003 15:14:02 UTC