Re: 'owner' in dav LOCK request. (Julian Reschke, you out there?)

Ben Collins-Sussman wrote:
>
> On Dec 1, 2004, at 3:28 PM, Julian Reschke wrote:
>
>>
>> That's fine. The DAV:owner element in the lock request is just
>> client-controlled metadata. Servers may associate locks with
>> authenticated users, but in this case, the user information needs to
>> be obtained from the HTTP authentication details, not the LOCK request
>> body.
>>
>
> Okay, so what I'm hearing is that the "owner" field in a DAV lock is
> somewhat of a misnomer: it might be more apt to call it "scratch-notes"
> or something. The RFC requires only that we preserve and return this
> field, should the client choose to send it. The field has nothing
> whatsoever to do with authentication or enforcement.
>
> Is that about right?

Exactly.

> If so, then I guess the best thing to do is create a new field in
> svn_lock_t, and we'll call it "comment". We'll map the DAV:owner
> metadata to this new field. Meanwhile, svn_lock_t->owner will continue
> to be used for "real" enforcement under the hood, and will be directly
> mapped to the authenticated username.

Sounds like the right approach (in our server DAV:owner maps to
something called "client_supplied_owner_information" as opposed to tha
actual user if of the owner which is kept somewhere else).

Julian

-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org