Re: RFC2518 issues IF_AND_AUTH and LOCK_SEMANTICS

Lisa Dusseault wrote:

> Julian, just so I make sure there's a clear consensus, was the proposed 
> text OK?
> 
>>>
>>> Servers MAY restrict usage of the lock token to exactly the
>>> authenticated principal who created the lock. Servers MAY also allow
>>> other privileged authenticated principals or even unauthenticated
>>> principals to use the lock token.

Actually I'd make that

"Servers SHOULD restrict usage of the lock token to exactly the 
authenticated principal who created the lock. Servers MAY also allow 
other privileged authenticated principals or even unauthenticated 
principals to use the lock token."

(first MAY -> SHOULD).

> It was my sense that Geoff, Jason and Elias were more or less on board 
> with this but I was confused by your latest reply.

Which one?

> Elias suggested explaining how clients discover how a server handles 
> these design choices, but this mostly codifies how things already work 
> today and we seem to have pretty successful interoperability in this 
> area.  As it stands today, if the server requires authentication and the 
> client didn't provide it, the server responds with a 403 and clients 
> deal with that appropriately.

Agreed.

> Did anybody have any alterations to suggest to this text?

Nothing except the one above.

Best regards, Julian

-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Monday, 3 May 2004 13:04:31 UTC
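
An added example, not part of the original message or of any WebDAV server's code: a sketch of the lock-token check the proposed text describes, with the SHOULD behaviour as the default and the two MAY relaxations as explicit policy switches. The names `Lock`, `LockPolicy` and `check_write`, the principals and the token value are constructed for illustration; the 423 and 412 statuses for a missing or non-matching token follow RFC 2518, and 403 is the response mentioned in the thread.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Lock:
    token: str   # opaque lock token returned by LOCK
    owner: str   # authenticated principal that created the lock

@dataclass(frozen=True)
class LockPolicy:
    # Defaults give the SHOULD behaviour: only the lock creator may use the token.
    privileged: frozenset = frozenset()  # MAY: other authenticated principals
    allow_unauthenticated: bool = False  # MAY: possession of the token is enough

def check_write(lock: Optional[Lock], principal: Optional[str],
                submitted_token: Optional[str],
                policy: LockPolicy = LockPolicy()) -> int:
    """Return the HTTP status for a write to a resource; 200 means 'proceed'."""
    if lock is None:
        return 200                       # resource is not locked
    if submitted_token is None:
        return 423                       # Locked: no token submitted
    if not hmac.compare_digest(submitted_token.encode(), lock.token.encode()):
        return 412                       # If header names a different token
    if policy.allow_unauthenticated:
        # Once anonymous use is allowed, rejecting an authenticated non-owner
        # would be pointless: the client could simply drop its credentials.
        return 200
    if principal is not None and (principal == lock.owner
                                  or principal in policy.privileged):
        return 200
    return 403                           # right token, wrong or missing principal

# Constructed sample data (hypothetical principal and token).
LOCK = Lock(token="opaquelocktoken:constructed-example-token", owner="alice")
```
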