- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 8 Feb 2003 21:13:06 +0100
- To: "Lisa Dusseault" <lisa@xythos.com>, "Webdav WG" <w3c-dist-auth@w3c.org>
> From: w3c-dist-auth-request@w3.org > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Lisa Dusseault > Sent: Saturday, February 08, 2003 8:42 PM > To: Webdav WG > Subject: Finding out who locked a resource > > > > > One of the things that 2518 didn't try to do, because it had to finish > in finite time, was to specify exactly how a lock owner is shown. One of > the problems was there was no way to identify users. > > Now that Access control exists, there is a way to identify users, and > the problem can be solved much more nicely. I suggest we add an element > "principal-URL" to the lock properties. The element is defined in the > Access control specification, but it would appear inside the "lockinfo" > element as part of the "lockdiscovery" property. This wouldn't > interfere with the "owner" element, which already is used by some > clients. > > My approach would be to add this to access control, since that will > probably get this useful element standardized sooner. "A server MUST > include the principal-URL element inside the lockinfo element of a > lockdiscovery property value, if the LOCK request that created the lock > successfully authenticated as a known principal." Agreed. Are there any security concerns here? The DAV:owner live property is a MUST property as well, so this doesn't seem to be an issue. Julian -- <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Saturday, 8 February 2003 15:14:02 UTC