- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 25 Apr 2004 17:00:24 +0200
- To: Webdav WG <w3c-dist-auth@w3c.org>

From <http://www.webdav.org/wg/rfcdev/issues.htm>:

IF_AND_AUTH: "The fact that use of authentication credentials with submission of lock tokens is required should be strengthened in the document."

and

LOCK_SEMANTICS: "At present, the WebDAV specification is not excruciatingly explicit that writing to a locked resource requires the combination of the lock token, plus an authentication principal. At one point, the spec. discusses an “authorized” principal, but “authorized” is never explicitly defined."

I'd like to confirm that indeed authentication and the ability to use a given lock token MAY be orthogonal. That is, a server can

- restrict usage of the lock token to exactly the principal that was authenticated when the lock was obtained,
- restrict usage to the creator as above and a group of other principals that are allowed to "break" the lock (WebDAV ACL DAV:unlock privilege, see <http://greenbytes.de/tech/webdav/draft-ietf-webdav-acl-latest.html#PRIVILEGE_unlock>) or
- allow anybody who knows the lock token to use it.

I think right now there are servers implementing each of these schemes, and there doesn't seem to be any problem with that.

Regards, Julian

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Sunday, 25 April 2004 11:01:18 UTC
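
The three schemes listed in the message above, written as one authorization check so the same request can be compared under each. This is an added example, not code from the original message or from any WebDAV server; the names `TokenPolicy`, `Lock`, `may_use_token` and `decisions`, the sample principals and the sample token are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Optional


class TokenPolicy(Enum):
    CREATOR_ONLY = "creator only"
    CREATOR_OR_UNLOCK = "creator or DAV:unlock holder"
    ANY_HOLDER = "anybody who knows the token"


@dataclass(frozen=True)
class Lock:
    token: str    # lock token handed out when the lock was obtained
    creator: str  # principal authenticated at that time


def may_use_token(policy: TokenPolicy, lock: Lock, principal: Optional[str],
                  submitted_token: Optional[str],
                  unlock_holders: FrozenSet[str] = frozenset()) -> bool:
    """Decide whether a request may act on a locked resource.

    principal is None for an unauthenticated request; unlock_holders is the
    set of principals granted the WebDAV ACL DAV:unlock privilege.
    """
    # Every scheme requires the matching lock token to be submitted.
    if submitted_token is None or submitted_token != lock.token:
        return False
    if policy is TokenPolicy.ANY_HOLDER:
        return True  # authentication plays no part in this scheme
    if principal is None:
        return False  # the other two schemes need an authenticated principal
    if principal == lock.creator:
        return True
    return policy is TokenPolicy.CREATOR_OR_UNLOCK and principal in unlock_holders


def decisions(lock, principal, submitted_token, unlock_holders=frozenset()) -> Dict[str, bool]:
    """Evaluate one request under all three schemes for comparison."""
    return {p.name: may_use_token(p, lock, principal, submitted_token, unlock_holders)
            for p in TokenPolicy}


# Constructed sample data: alice holds the lock, bob has DAV:unlock.
SAMPLE_LOCK = Lock(token="opaquelocktoken:constructed-example-0001", creator="alice")
UNLOCK_HOLDERS = frozenset({"bob"})

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", None):
        print(who, decisions(SAMPLE_LOCK, who, SAMPLE_LOCK.token, UNLOCK_HOLDERS))
```
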