stored on a disk. For this simple case, the URI at which a resource
is accessed is identical to the URI at which the source (the
persistent state) of the resource is accessed. This is also the case
for HTML source files that are not processed by the server prior to
transmission.
However, the server can sometimes process HTML resources before they
are transmitted as a return entity body. For example, a server-
side-include directive within an HTML file might instruct a server to
replace the directive with another value, such as the current date.
In this case, what is returned by GET (HTML plus date) differs from
the persistent state of the resource (HTML plus directive).
Typically there is no way to access the HTML resource containing the
unprocessed directive.
Sometimes the entity returned by GET is the output of a data-
producing process that is described by one or more source resources
(that may not even have a location in the URI namespace). A single
data-producing process may dynamically generate the state of a
potentially large number of output resources. An example of this is
a CGI script that describes a "finger" gateway process that maps part
of the namespace of a server into finger requests, such as
http://www.foo.bar.org/finger_gateway/user@host.
RFC 2518 WEBDAV February 1999
In the absence of distributed authoring capabilities, it is
acceptable to have no mapping of source resource(s) to the URI
namespace. In fact, preventing access to the source resource(s) has
desirable security benefits. However, if remote editing of the
source resource(s) is desired, the source resource(s) should be given
a location in the URI namespace. This source location should not be
one of the locations at which the generated output is retrievable,
since in general it is impossible for the server to differentiate
requests for source resources from requests for process output
resources. There is often a many-to-many relationship between source
resources and output resources.
On WebDAV compliant servers the URI of the source resource(s) may be
stored in a link on the output resource with type DAV:source (see
section 13.10 for a description of the source link property).
Storing the source URIs in links on the output resources places the
burden of discovering the source on the authoring client. Note that
the value of a source link is not guaranteed to point to the correct
source. Source links may break or incorrect values may be entered.
Also note that not all servers will allow the client to set the
source link value. For example a server which generates source links
on the fly for its CGI files will most likely not allow a client to
set the source link value.
6 Locking
The ability to lock a resource provides a mechanism for serializing
access to that resource. Using a lock, an authoring client can
provide a reasonable guarantee that another principal will not modify
a resource while it is being edited. In this way, a client can
prevent the "lost update" problem.
This specification allows locks to vary over two client-specified
parameters, the number of principals involved (exclusive vs. shared)
and the type of access to be granted. This document defines locking
for only one access type, write. However, the syntax is extensible,
and permits the eventual specification of locking for other access
types.
6.1 Exclusive Vs. Shared Locks
The most basic form of lock is an exclusive lock. This is a lock
where the access right in question is only granted to a single
principal. The need for this arbitration results from a desire to
avoid having to merge results.
RFC 2518 WEBDAV February 1999
However, there are times when the goal of a lock is not to exclude
others from exercising an access right but rather to provide a
mechanism for principals to indicate that they intend to exercise
their access rights. Shared locks are provided for this case. A
shared lock allows multiple principals to receive a lock. Hence any
principal with appropriate access can get the lock.
With shared locks there are two trust sets that affect a resource.
The first trust set is created by access permissions. Principals who
are trusted, for example, may have permission to write to the
resource. Among those who have access permission to write to the
=8= |