Re: Issue 079_UNLOCK_BY_NON_LOCK_OWNER from Lisa Dusseault on 2004-06-21 (w3c-dist-auth@w3.org from April to June 2004)

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Mon, 21 Jun 2004 10:17:28 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: w3c-dist-auth@w3.org
Message-Id: <DF782A84-C3A6-11D8-A549-000A95B2BB72@osafoundation.org>

I'm fine with 1 and 2, but I don't understand problem #3.

What this text attempts to say is that the server SHOULD redirect an 
UNLOCK request to the correct URI if the UNLOCK request has the wrong 
URI for the lock token -- that's the ideal response.  If the server 
can't do that, then as Plan B, the server MAY [or SHOULD?] return a 
simple error.

What's wrong with a specification having a Plan B if the software can't 
do Plan A for some reason?  Returning errors is the typical Plan B 
anyway...

I agree the text needs a little more specifics about what kind of 
redirect -- suggestions?

Lisa

On May 24, 2004, at 7:50 AM, Julian Reschke wrote:

>
> Hi,
>
> while I was looking for the resolution for 
> "079_UNLOCK_BY_NON_LOCK_OWNER", I came across the following text in 
> bis-05:
>
>> 8.12    UNLOCK Method        The UNLOCK method removes the lock 
>> identified by the lock token in    the Lock-Token request header from 
>> the Request-URI and all other    resources included in the lock.  The 
>> root of the lock MUST be named    by the Request-URI, not any other 
>> resource within the scope of the    lock.  Servers SHOULD redirect 
>> the UNLOCK request to the lock root.     Failing that, servers MAY 
>> fail an UNLOCK request to a resource that    is not directly locked 
>> (not the root of the lock) with error code    400 (Bad Request).
>
>
> 1) It should say "...in the Lock-Token request header from the 
> resource identified by the Request-URI and all other resources 
> included in the lock." (old text from RFC2518)
>
> 2) "The root of the lock MUST be named by the Request-URI, not any 
> other resource within the scope of the lock.": What is this supposed 
> to mean? That the Request-URI MUST identify the lock root? I think 
> this needs clarification.
>
> 3) "Servers SHOULD redirect the UNLOCK request to the lock root. 
> Failing that, servers MAY fail an UNLOCK request to a resource that is 
> not directly locked (not the root of the lock) with error code 400 
> (Bad Request).": Again, I'm not sure what this is supposed to mean. If 
> the resource identified by the Request-URI is not the lock root, it 
> seems that the previous statement REQUIRES the server to fail the 
> request, not to do a "redirect" (what kind of redirect would that 
> be?).
>
> Back to issue "079_UNLOCK_BY_NON_LOCK_OWNER":
>
> "Resolved in part by putting it under ACL control: 
> http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0002.html 
> and the response that follows it."
>
> The referenced mailing list entry indicates that we want text to be 
> added to the spec, yet I can't find in in bis-05 (al least not under 
> UNLOCK).
>
> Best regards, Julian
>
> -- 
> <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
>

Received on Monday, 21 June 2004 13:17:47 UTC