diff --git a/src/core/commoniface.py b/src/core/commoniface.py
new file mode 100644
index 00000000..d203b330
--- /dev/null
+++ b/src/core/commoniface.py
@@ -0,0 +1,26 @@
+'''
+commoniface.py
+
+common entities used by all storage interfaces for the IOP WOPI server
+
+Author: Giuseppe.LoPresti@cern.ch, CERN/IT-ST
+'''
+
+import time
+import json
+
+# standard file missing message
+ENOENT_MSG = 'No such file or directory'
+
+# standard error thrown when attempting to overwrite a file/xattr in O_EXCL mode
+EXCL_ERROR = 'File exists and islock flag requested'
+
+# standard error thrown when attempting an operation without the required access rights
+ACCESS_ERROR = 'Operation not permitted'
+
+# name of the xattr storing the Reva lock
+LOCKKEY = 'user.iop.lock'
+
+def genrevalock(appname, value):
+    '''Return a JSON-formatted lock compatible with the Reva implementation of the CS3 Lock API'''
+    return json.dumps({'h': appname if appname else 'wopi', 't': int(time.time()), 'md': value})
diff --git a/src/core/cs3iface.py b/src/core/cs3iface.py
index 072b2811..84da2f36 100644
--- a/src/core/cs3iface.py
+++ b/src/core/cs3iface.py
@@ -21,7 +21,7 @@
 import cs3.rpc.v1beta1.code_pb2 as cs3code
 import cs3.types.v1beta1.types_pb2 as types
 
-ENOENT_MSG = 'No such file or directory'
+import core.commoniface as common
 
 # module-wide state
 ctx = {}            # "map" to store some module context: cf. init()
@@ -94,7 +94,7 @@ def stat(endpoint, fileid, userid, versioninv=1):
             'mtime': statInfo.info.mtime.seconds
         }
     ctx['log'].info('msg="Failed stat" inode="%s" reason="%s"' % (fileid, statInfo.status.message.replace('"', "'")))
-    raise IOError(ENOENT_MSG if statInfo.status.code == cs3code.CODE_NOT_FOUND else statInfo.status.message)
+    raise IOError(common.ENOENT_MSG if statInfo.status.code == cs3code.CODE_NOT_FOUND else statInfo.status.message)
 
 
 def statx(endpoint, fileid, userid, versioninv=0):
@@ -148,6 +148,26 @@ def rmxattr(_endpoint, filepath, userid, key):
     ctx['log'].debug('msg="Invoked rmxattr" result="%s"' % res)
 
 
+def setlock(endpoint, filepath, userid, appname, value):
+    '''Set a lock to filepath with the given value metadata and appname as holder'''
+    raise NotImplementedError
+
+
+def getlock(endpoint, filepath, userid, appname):
+    '''Get the lock metadata for the given filepath'''
+    raise NotImplementedError
+
+
+def refreshlock(endpoint, filepath, userid, appname, value):
+    '''Refresh the lock metadata for the given filepath'''
+    raise NotImplementedError
+
+
+def unlock(endpoint, filepath, userid, appname):
+    '''Remove the lock for the given filepath'''
+    raise NotImplementedError
+
+
 def readfile(_endpoint, filepath, userid):
     '''Read a file using the given userid as access token. Note that the function is a generator, managed by Flask.'''
     tstart = time.time()
@@ -156,7 +176,7 @@ def readfile(_endpoint, filepath, userid):
     initfiledownloadres = ctx['cs3stub'].InitiateFileDownload(request=req, metadata=[('x-access-token', userid)])
     if initfiledownloadres.status.code == cs3code.CODE_NOT_FOUND:
         ctx['log'].info('msg="File not found on read" filepath="%s"' % filepath)
-        yield IOError(ENOENT_MSG)
+        yield IOError(common.ENOENT_MSG)
     elif initfiledownloadres.status.code != cs3code.CODE_OK:
         ctx['log'].error('msg="Failed to initiateFileDownload on read" filepath="%s" reason="%s"' %
                          (filepath, initfiledownloadres.status.message.replace('"', "'")))
@@ -239,14 +259,14 @@ def renamefile(_endpoint, filepath, newfilepath, userid):
     ctx['log'].debug('msg="Invoked renamefile" result="%s"' % res)
 
 
-def removefile(_endpoint, filepath, userid, _force=0):
+def removefile(_endpoint, filepath, userid, force=False):
     '''Remove a file using the given userid as access token.
        The force argument is ignored for now for CS3 storage.'''
     reference = cs3spr.Reference(path=filepath)
     req = cs3sp.DeleteRequest(ref=reference)
     res = ctx['cs3stub'].Delete(request=req, metadata=[('x-access-token', userid)])
     if res.status.code != cs3code.CODE_OK:
-        if str(res) == ENOENT_MSG:
+        if str(res) == common.ENOENT_MSG:
             ctx['log'].info('msg="Invoked removefile on non-existing file" filepath="%s"' % filepath)
         else:
             ctx['log'].error('msg="Failed to remove file" filepath="%s" reason="%s"' % (filepath, res.status.message.replace('"', "'")))
diff --git a/src/core/ioplocks.py b/src/core/ioplocks.py
index cd7e33cb..05cd3110 100644
--- a/src/core/ioplocks.py
+++ b/src/core/ioplocks.py
@@ -7,6 +7,7 @@
 import time
 import http
 import core.wopiutils as utils
+import core.commoniface as common
 
 # convenience references to global entities
 st = None
@@ -133,7 +134,7 @@ def createLock(filestat, filename, userid, endpoint):
                  (filename, filestat['inode'], lockid))
         return str(lockid), http.client.OK
     except IOError as e:
-        if 'File exists and islock flag requested' not in str(e):
+        if common.EXCL_ERROR not in str(e):
             # writing failed
             log.error('msg="cboxLock: unable to store LibreOffice-compatible lock file" filename="%s" reason="%s"' %
                       (filename, e))
diff --git a/src/core/localiface.py b/src/core/localiface.py
index 747f9c96..1399ba90 100644
--- a/src/core/localiface.py
+++ b/src/core/localiface.py
@@ -10,6 +10,8 @@
 import os
 import warnings
 from stat import S_ISDIR
+import json
+import core.commoniface as common
 
 # module-wide state
 config = None
@@ -101,6 +103,38 @@ def rmxattr(_endpoint, filepath, _userid, key):
         raise IOError(e)
 
 
+def setlock(endpoint, filepath, _userid, appname, value):
+    '''Set the lock as an xattr on behalf of the given userid'''
+    if not getxattr(endpoint, filepath, '0:0', common.LOCKKEY):
+        # we do not protect from race conditions here
+        setxattr(endpoint, filepath, '0:0', common.LOCKKEY, common.genrevalock(appname, value))
+    else:
+        raise IOError(common.EXCL_ERROR)
+
+
+def getlock(endpoint, filepath, _userid):
+    '''Get the lock metadata as an xattr on behalf of the given userid'''
+    l = getxattr(endpoint, filepath, '0:0', common.LOCKKEY)
+    if l:
+        return json.loads(l)
+    return None
+
+def refreshlock(endpoint, filepath, _userid, appname, value):
+    '''Refresh the lock value as an xattr on behalf of the given userid'''
+    l = getlock(endpoint, filepath, _userid)
+    if not l:
+        raise IOError('File was not locked')
+    if l['h'] != appname and l['h'] != 'wopi':
+        raise IOError('File is locked by %s' % l['h'])
+    # this is non-atomic, but the lock was already held
+    setxattr(endpoint, filepath, '0:0', common.LOCKKEY, common.genrevalock(appname, value))
+
+
+def unlock(endpoint, filepath, _userid, _appname):
+    '''Remove the lock as an xattr on behalf of the given userid'''
+    rmxattr(endpoint, filepath, '0:0', common.LOCKKEY)
+
+
 def readfile(_endpoint, filepath, _userid):
     '''Read a file on behalf of the given userid. Note that the function is a generator, managed by Flask.'''
     log.debug('msg="Invoking readFile" filepath="%s"' % filepath)
@@ -148,7 +182,7 @@ def writefile(_endpoint, filepath, _userid, content, islock=False):
             # as f goes out of scope here, we'd get a false ResourceWarning, which is ignored by the above filter
         except FileExistsError:
             log.info('msg="File exists on write but islock flag requested" filepath="%s"' % filepath)
-            raise IOError('File exists and islock flag requested')
+            raise IOError(common.EXCL_ERROR)
         except OSError as e:
             log.warning('msg="Error writing file in O_EXCL mode" filepath="%s" error="%s"' % (filepath, e))
             raise IOError(e)
@@ -174,7 +208,7 @@ def renamefile(_endpoint, origfilepath, newfilepath, _userid):
         raise IOError(e)
 
 
-def removefile(_endpoint, filepath, _userid, _force=0):
+def removefile(_endpoint, filepath, _userid, force=False):
     '''Remove a file on behalf of the given userid.
          The force argument is irrelevant and ignored for local storage.'''
     try:
diff --git a/src/core/wopi.py b/src/core/wopi.py
index 258a4b8f..6fb65fa6 100644
--- a/src/core/wopi.py
+++ b/src/core/wopi.py
@@ -11,12 +11,13 @@
 import json
 import http.client
 from urllib.parse import quote_plus as url_quote_plus
-from urllib.parse import unquote as url_unquote
 from more_itertools import peekable
 import jwt
 import flask
 import core.wopiutils as utils
+import core.commoniface as common
 
+IO_ERROR = 'I/O Error'
 
 # convenience references to global entities
 st = None
@@ -39,54 +40,57 @@ def checkFileInfo(fileid):
         # compute some entities for the response
         wopiSrc = 'WOPISrc=%s&access_token=%s' % (utils.generateWopiSrc(fileid), flask.request.args['access_token'])
         # populate metadata for this file
-        filemd = {}
-        filemd['BaseFileName'] = filemd['BreadcrumbDocName'] = os.path.basename(acctok['filename'])
+        fmd = {}
+        fmd['BaseFileName'] = fmd['BreadcrumbDocName'] = os.path.basename(acctok['filename'])
         furl = acctok['folderurl']
         # encode the path part as it is going to be an URL GET argument
-        filemd['BreadcrumbFolderUrl'] = furl[:furl.find('=')+1] + url_quote_plus(furl[furl.find('=')+1:]) if furl != '/' else ''
+        fmd['BreadcrumbFolderUrl'] = furl[:furl.find('=')+1] + url_quote_plus(furl[furl.find('=')+1:]) if furl != '/' else ''
         if acctok['username'] == '':
-            filemd['UserFriendlyName'] = 'Guest ' + utils.randomString(3)
+            fmd['UserFriendlyName'] = 'Guest ' + utils.randomString(3)
             if '?path' in furl and furl[-1] != '/' and furl[-1] != '=':
                 # this is a subfolder of a public share, show it
-                filemd['BreadcrumbFolderName'] = 'Back to ' + furl[furl.find('?path'):].split('/')[-1]
+                fmd['BreadcrumbFolderName'] = 'Back to ' + furl[furl.find('?path'):].split('/')[-1]
             else:
                 # this is the top level public share, which is anonymous
-                filemd['BreadcrumbFolderName'] = 'Back to the public share'
+                fmd['BreadcrumbFolderName'] = 'Back to the public share'
         else:
-            filemd['UserFriendlyName'] = acctok['username']
-            filemd['BreadcrumbFolderName'] = 'Back to ' + os.path.dirname(acctok['filename'])
+            fmd['UserFriendlyName'] = acctok['username']
+            fmd['BreadcrumbFolderName'] = 'Back to ' + os.path.dirname(acctok['filename'])
         if furl == '/':    # if no target folder URL was given, override the above and completely hide it
-            filemd['BreadcrumbFolderName'] = ''
+            fmd['BreadcrumbFolderName'] = ''
         if acctok['viewmode'] in (utils.ViewMode.READ_ONLY, utils.ViewMode.READ_WRITE):
-            filemd['DownloadUrl'] = '%s?access_token=%s' % \
+            fmd['DownloadUrl'] = '%s?access_token=%s' % \
                                     (srv.config.get('general', 'downloadurl'), flask.request.args['access_token'])
-        filemd['OwnerId'] = statInfo['ownerid']
-        filemd['UserId'] = acctok['wopiuser']     # typically same as OwnerId; different when accessing shared documents
-        filemd['Size'] = statInfo['size']
+        fmd['OwnerId'] = statInfo['ownerid']
+        fmd['UserId'] = acctok['wopiuser']     # typically same as OwnerId; different when accessing shared documents
+        fmd['Size'] = statInfo['size']
         # TODO the version is generated like this in ownCloud: 'V' . $file->getEtag() . \md5($file->getChecksum());
-        filemd['Version'] = statInfo['mtime']   # mtime is used as version here
-        filemd['SupportsExtendedLockLength'] = filemd['SupportsGetLock'] = True
-        filemd['SupportsUpdate'] = filemd['UserCanWrite'] = filemd['SupportsLocks'] = \
-            filemd['SupportsDeleteFile'] = acctok['viewmode'] == utils.ViewMode.READ_WRITE
-        filemd['UserCanNotWriteRelative'] = acctok['viewmode'] != utils.ViewMode.READ_WRITE
-        filemd['HostViewUrl'] = '%s%s%s' % (acctok['appviewurl'], '&' if '?' in acctok['appviewurl'] else '?', wopiSrc)
-        filemd['HostEditUrl'] = '%s%s%s' % (acctok['appediturl'], '&' if '?' in acctok['appediturl'] else '?', wopiSrc)
-        filemd['SupportsRename'] = filemd['UserCanRename'] = enablerename and utils.ViewMode.READ_WRITE
+        fmd['Version'] = statInfo['mtime']   # mtime is used as version here
+        fmd['SupportsExtendedLockLength'] = fmd['SupportsGetLock'] = True
+        fmd['SupportsUpdate'] = fmd['UserCanWrite'] = fmd['SupportsLocks'] = \
+            fmd['SupportsDeleteFile'] = acctok['viewmode'] == utils.ViewMode.READ_WRITE
+        fmd['UserCanNotWriteRelative'] = acctok['viewmode'] != utils.ViewMode.READ_WRITE
+        fmd['HostViewUrl'] = '%s%s%s' % (acctok['appviewurl'], '&' if '?' in acctok['appviewurl'] else '?', wopiSrc)
+        fmd['HostEditUrl'] = '%s%s%s' % (acctok['appediturl'], '&' if '?' in acctok['appediturl'] else '?', wopiSrc)
+        fmd['SupportsRename'] = fmd['UserCanRename'] = enablerename and utils.ViewMode.READ_WRITE
         # populate app-specific metadata
         if acctok['appname'].find('Microsoft') > 0:
             # the following is to enable the 'Edit in Word/Excel/PowerPoint' (desktop) action (probably broken)
             try:
-                filemd['ClientUrl'] = srv.config.get('general', 'webdavurl') + '/' + acctok['filename']
+                fmd['ClientUrl'] = srv.config.get('general', 'webdavurl') + '/' + acctok['filename']
             except configparser.NoOptionError:
                 # if no WebDAV URL is provided, ignore this setting
                 pass
         # extensions for Collabora Online
-        filemd['EnableOwnerTermination'] = True
-        filemd['DisableExport'] = filemd['DisableCopy'] = filemd['DisablePrint'] = acctok['viewmode'] == utils.ViewMode.VIEW_ONLY
-        #filemd['LastModifiedTime'] = datetime.fromtimestamp(int(statInfo['mtime'])).isoformat()   # this currently breaks
+        fmd['EnableOwnerTermination'] = True
+        fmd['DisableExport'] = fmd['DisableCopy'] = fmd['DisablePrint'] = acctok['viewmode'] == utils.ViewMode.VIEW_ONLY
+        #fmd['LastModifiedTime'] = datetime.fromtimestamp(int(statInfo['mtime'])).isoformat()   # this currently breaks
 
-        log.info('msg="File metadata response" token="%s" metadata="%s"' % (flask.request.args['access_token'][-20:], filemd))
-        return flask.Response(json.dumps(filemd), mimetype='application/json')
+        res = flask.Response(json.dumps(fmd), mimetype='application/json')
+        # amend sensitive metadata for the logs
+        fmd['HostViewUrl'] = fmd['HostEditUrl'] = fmd['DownloadUrl'] = '_amended_'
+        log.info('msg="File metadata response" token="%s" metadata="%s"' % (flask.request.args['access_token'][-20:], fmd))
+        return res
     except IOError as e:
         log.info('msg="Requested file not found" filename="%s" token="%s" error="%s"' %
                  (acctok['filename'], flask.request.args['access_token'][-20:], e))
@@ -130,40 +134,6 @@ def getFile(fileid):
 #
 # The following operations are all called on POST /wopi/files/<fileid>
 #
-def unlock(fileid, reqheaders, acctok, force=False):
-    '''Implements the Unlock WOPI call'''
-    lock = reqheaders['X-WOPI-Lock']
-    retrievedLock = utils.retrieveWopiLock(fileid, 'UNLOCK', lock, acctok)
-    if not force and not utils.compareWopiLocks(retrievedLock, lock):
-        return utils.makeConflictResponse('UNLOCK', retrievedLock, lock, '', acctok['filename'])
-    # OK, the lock matches. Remove any extended attribute related to locks and conflicts handling
-    try:
-        st.removefile(acctok['endpoint'], utils.getLockName(acctok['filename']), acctok['userid'], 1)
-    except IOError:
-        # ignore, it's not worth to report anything here
-        pass
-    try:
-        st.rmxattr(acctok['endpoint'], acctok['filename'], acctok['userid'], utils.LASTSAVETIMEKEY)
-    except IOError:
-        # same as above
-        pass
-    try:
-        # also remove the LibreOffice-compatible lock file when relevant
-        if os.path.splitext(acctok['filename'])[1] not in srv.nonofficetypes:
-            st.removefile(acctok['endpoint'], utils.getLibreOfficeLockName(acctok['filename']), acctok['userid'], 1)
-    except IOError:
-        # same as above
-        pass
-    # and update our internal list of opened files
-    if not force:
-        try:
-            del srv.openfiles[acctok['filename']]
-        except KeyError:
-            # already removed?
-            pass
-    return 'OK', http.client.OK
-
-
 def setLock(fileid, reqheaders, acctok):
     '''Implements the Lock, RefreshLock, and UnlockAndRelock WOPI calls'''
     # cf. http://wopi.readthedocs.io/projects/wopirest/en/latest/files/Lock.html
@@ -171,10 +141,10 @@ def setLock(fileid, reqheaders, acctok):
     lock = reqheaders['X-WOPI-Lock']
     oldLock = reqheaders.get('X-WOPI-OldLock')
     validateTarget = reqheaders.get('X-WOPI-Validate-Target')
-    retrievedLock = utils.retrieveWopiLock(fileid, op, lock, acctok)
+    retrievedLock, _ = utils.retrieveWopiLock(fileid, op, lock, acctok)
 
     # perform the required checks for the validity of the new lock
-    if not retrievedLock and op == 'REFRESH_LOCK':
+    if op == 'REFRESH_LOCK' and not retrievedLock:
         if validateTarget:
             # this is an extension of the API: a REFRESH_LOCK without previous lock but with a Validate-Target header
             # is allowed provided that the target file was last saved by WOPI and not overwritten by external actions,
@@ -185,47 +155,23 @@ def setLock(fileid, reqheaders, acctok):
         if not savetime or not savetime.isdigit():
             return utils.makeConflictResponse(op, '', lock, oldLock, acctok['filename'],
                                               'The file was not locked' + ' and got modified' if validateTarget else '')
-    if retrievedLock and not utils.compareWopiLocks(retrievedLock, (oldLock if oldLock else lock)):
-        return utils.makeConflictResponse(op, retrievedLock, lock, oldLock, acctok['filename'], \
-                                          'The file was locked by another online editor')
 
-    # LOCK or REFRESH_LOCK: set the lock to the given one, including the expiration time
+    # LOCK or REFRESH_LOCK: atomically set the lock to the given one, including the expiration time,
+    # and return conflict response if the file was already locked
     try:
-        utils.storeWopiLock(op, lock, acctok, os.path.splitext(acctok['filename'])[1] not in srv.nonofficetypes)
+        return utils.storeWopiLock(fileid, op, lock, oldLock, acctok, \
+                                   os.path.splitext(acctok['filename'])[1] not in srv.nonofficetypes)
     except IOError as e:
-        if utils.EXCL_ERROR in str(e):
-            # this file was already locked externally: storeWopiLock looks at LibreOffice-compatible locks
-            return utils.makeConflictResponse(op, 'External App', lock, oldLock, acctok['filename'], \
-                                              'The file was locked by another application')
-        if 'No such file or directory' in str(e):
-            # the file got renamed/deleted: this is equivalent to a conflict
-            return utils.makeConflictResponse(op, 'External App', lock, oldLock, acctok['filename'], \
-                                              'The file got moved or deleted')
-        # any other failure
-        return str(e), http.client.INTERNAL_SERVER_ERROR
-    if not retrievedLock:
-        # on first lock, set an xattr with the current time for later conflicts checking
-        try:
-            st.setxattr(acctok['endpoint'], acctok['filename'], acctok['userid'], utils.LASTSAVETIMEKEY, int(time.time()))
-        except IOError as e:
-            # not fatal, but will generate a conflict file later on, so log a warning
-            log.warning('msg="Unable to set lastwritetime xattr" user="%s" filename="%s" token="%s" reason="%s"' %
-                        (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:], e))
-        # also, keep track of files that have been opened for write: this is for statistical purposes only
-        # (cf. the GetLock WOPI call and the /wopi/cbox/open/list action)
-        if acctok['filename'] not in srv.openfiles:
-            srv.openfiles[acctok['filename']] = (time.asctime(), set([acctok['username']]))
-        else:
-            # the file was already opened but without lock: this happens on new files (cf. editnew action), just log
-            log.info('msg="First lock for new file" user="%s" filename="%s" token="%s"' %
-                     (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:]))
-    return 'OK', http.client.OK
+        # expected failures are handled in storeWopiLock
+        log.error('msg="%s: unable to store WOPI lock" filename="%s" token="%s" lock="%s" reason="%s"' %
+                  (op.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock, e))
+        return IO_ERROR, http.client.INTERNAL_SERVER_ERROR
 
 
 def getLock(fileid, _reqheaders_unused, acctok):
     '''Implements the GetLock WOPI call'''
     resp = flask.Response()
-    lock = utils.retrieveWopiLock(fileid, 'GETLOCK', '', acctok)
+    lock, _ = utils.retrieveWopiLock(fileid, 'GETLOCK', '', acctok)
     resp.status_code = http.client.OK if lock else http.client.NOT_FOUND
     if lock:
         resp.headers['X-WOPI-Lock'] = lock
@@ -257,6 +203,34 @@ def getLock(fileid, _reqheaders_unused, acctok):
     return resp
 
 
+def unlock(fileid, reqheaders, acctok):
+    '''Implements the Unlock WOPI call'''
+    lock = reqheaders['X-WOPI-Lock']
+    retrievedLock, _ = utils.retrieveWopiLock(fileid, 'UNLOCK', lock, acctok)
+    if not utils.compareWopiLocks(retrievedLock, lock):
+        return utils.makeConflictResponse('UNLOCK', retrievedLock, lock, '', acctok['filename'])
+    # OK, the lock matches. Remove any extended attribute related to locks and conflicts handling
+    try:
+        st.unlock(acctok['endpoint'], acctok['filename'], acctok['userid'], acctok['appname'])
+    except IOError:
+        # ignore, it's not worth to report anything here
+        pass
+    try:
+        # also remove the LibreOffice-compatible lock file when relevant
+        if os.path.splitext(acctok['filename'])[1] not in srv.nonofficetypes:
+            st.removefile(acctok['endpoint'], utils.getLibreOfficeLockName(acctok['filename']), acctok['userid'], force=True)
+    except IOError:
+        # same as above
+        pass
+    # and update our internal list of opened files
+    try:
+        del srv.openfiles[acctok['filename']]
+    except KeyError:
+        # already removed?
+        pass
+    return 'OK', http.client.OK
+
+
 def putRelative(fileid, reqheaders, acctok):
     '''Implements the PutRelative WOPI call. Corresponds to the 'Save as...' menu entry.'''
     # cf. http://wopi.readthedocs.io/projects/wopirest/en/latest/files/PutRelativeFile.html
@@ -298,7 +272,7 @@ def putRelative(fileid, reqheaders, acctok):
         try:
             # check for file existence + lock
             fileExists = st.stat(acctok['endpoint'], relTarget, acctok['userid'])
-            retrievedTargetLock = utils.retrieveWopiLock(fileid, 'PUT_RELATIVE', None, acctok, overridefilename=relTarget)
+            retrievedTargetLock, _ = utils.retrieveWopiLock(fileid, 'PUT_RELATIVE', None, acctok, overridefilename=relTarget)
         except IOError:
             fileExists = False
         if fileExists and (not overwriteTarget or retrievedTargetLock):
@@ -308,11 +282,11 @@ def putRelative(fileid, reqheaders, acctok):
         targetName = relTarget
     # either way, we now have a targetName to save the file: attempt to do so
     try:
-        utils.storeWopiFile(flask.request, acctok, utils.LASTSAVETIMEKEY, targetName)
+        utils.storeWopiFile(flask.request, None, acctok, utils.LASTSAVETIMEKEY, targetName)
     except IOError as e:
         log.info('msg="Error writing file" filename="%s" token="%s" error="%s"' %
                  (targetName, flask.request.args['access_token'][-20:], e))
-        return 'I/O Error', http.client.INTERNAL_SERVER_ERROR
+        return IO_ERROR, http.client.INTERNAL_SERVER_ERROR
     # generate an access token for the new file
     log.info('msg="PutRelative: generating new access token" user="%s" filename="%s" ' \
              'mode="ViewMode.READ_WRITE" friendlyname="%s"' %
@@ -334,7 +308,7 @@ def putRelative(fileid, reqheaders, acctok):
 
 def deleteFile(fileid, _reqheaders_unused, acctok):
     '''Implements the DeleteFile WOPI call'''
-    retrievedLock = utils.retrieveWopiLock(fileid, 'DELETE', '', acctok)
+    retrievedLock, _ = utils.retrieveWopiLock(fileid, 'DELETE', '', acctok)
     if retrievedLock is not None:
         # file is locked and cannot be deleted
         return utils.makeConflictResponse('DELETE', retrievedLock, '', '', acctok['filename'])
@@ -343,14 +317,14 @@ def deleteFile(fileid, _reqheaders_unused, acctok):
         return 'OK', http.client.OK
     except IOError as e:
         log.info('msg="DeleteFile" token="%s" error="%s"' % (flask.request.args['access_token'][-20:], e))
-        return 'Internal error', http.client.INTERNAL_SERVER_ERROR
+        return IO_ERROR, http.client.INTERNAL_SERVER_ERROR
 
 
 def renameFile(fileid, reqheaders, acctok):
     '''Implements the RenameFile WOPI call.'''
     targetName = reqheaders['X-WOPI-RequestedName']
     lock = reqheaders['X-WOPI-Lock'] if 'X-WOPI-Lock' in reqheaders else None
-    retrievedLock = utils.retrieveWopiLock(fileid, 'RENAMEFILE', lock, acctok)
+    retrievedLock, _ = utils.retrieveWopiLock(fileid, 'RENAMEFILE', lock, acctok)
     if retrievedLock is not None and not utils.compareWopiLocks(retrievedLock, lock):
         return utils.makeConflictResponse('RENAMEFILE', retrievedLock, lock, '', acctok['filename'])
     try:
@@ -360,8 +334,6 @@ def renameFile(fileid, reqheaders, acctok):
                  (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:], targetName))
         st.renamefile(acctok['endpoint'], acctok['filename'], targetName, acctok['userid'])
         # also rename the locks
-        st.renamefile(acctok['endpoint'], utils.getLockName(acctok['filename']), \
-                      utils.getLockName(targetName), acctok['userid'])
         if os.path.splitext(acctok['filename'])[1] not in srv.nonofficetypes:
             st.renamefile(acctok['endpoint'], utils.getLibreOfficeLockName(acctok['filename']), \
                           utils.getLibreOfficeLockName(targetName), acctok['userid'])
@@ -392,7 +364,7 @@ def _createNewFile(fileid, acctok):
         return 'File exists', http.client.CONFLICT
     except IOError:
         # indeed the file did not exist, so we write it for the first time
-        utils.storeWopiFile(flask.request, acctok, utils.LASTSAVETIMEKEY)
+        utils.storeWopiFile(flask.request, None, acctok, utils.LASTSAVETIMEKEY)
         log.info('msg="File stored successfully" action="editnew" user="%s" filename="%s" token="%s"' %
                  (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:]))
         # and we keep track of it as an open file with timestamp = Epoch, despite not having any lock yet.
@@ -413,13 +385,14 @@ def putFile(fileid):
             return _createNewFile(fileid, acctok)
         # otherwise, check that the caller holds the current lock on the file
         lock = flask.request.headers['X-WOPI-Lock']
-        retrievedLock = utils.retrieveWopiLock(fileid, 'PUTFILE', lock, acctok)
+        retrievedLock, lockHolder = utils.retrieveWopiLock(fileid, 'PUTFILE', lock, acctok)
         if retrievedLock is None:
             return utils.makeConflictResponse('PUTFILE', retrievedLock, lock, '', acctok['filename'], \
                                               'Cannot overwrite unlocked file')
         if not utils.compareWopiLocks(retrievedLock, lock):
             return utils.makeConflictResponse('PUTFILE', retrievedLock, lock, '', acctok['filename'], \
-                                              'Cannot overwrite file locked by another application')
+                                              'Cannot overwrite file locked by %s' % \
+                                               (lockHolder if lockHolder != 'wopi' else 'another application'))
         # OK, we can save the file now
         log.info('msg="PutFile" user="%s" filename="%s" fileid="%s" action="edit" token="%s"' %
                  (acctok['userid'][-20:], acctok['filename'], fileid, flask.request.args['access_token'][-20:]))
@@ -444,7 +417,14 @@ def putFile(fileid):
             newname, ext = os.path.splitext(acctok['filename'])
             # !!! typical EFSS formats are like '<filename>_conflict-<date>-<time>', but they're not synchronized back !!!
             newname = '%s-webconflict-%s%s' % (newname, time.strftime('%Y%m%d-%H'), ext.strip())
-            utils.storeWopiFile(flask.request, acctok, utils.LASTSAVETIMEKEY, newname)
+            try:
+                utils.storeWopiFile(flask.request, retrievedLock, acctok, utils.LASTSAVETIMEKEY, newname)
+            except IOError as e:
+                if common.ACCESS_ERROR in str(e):
+                    # let's try the user's home instead of the current folder
+                    newname = utils.getuserhome(acctok['username']) + os.path.sep + os.path.basename(newname)
+                    utils.storeWopiFile(flask.request, retrievedLock, acctok, utils.LASTSAVETIMEKEY, newname)
+
             # keep track of this action in the original file's xattr, to avoid looping (see below)
             st.setxattr(acctok['endpoint'], acctok['filename'], acctok['userid'], utils.LASTSAVETIMEKEY, 0)
             log.info('msg="Conflicting copy created" user="%s" savetime="%s" lastmtime="%s" newfilename="%s" token="%s"' %
@@ -456,7 +436,7 @@ def putFile(fileid):
         # Go for overwriting the file. Note that the entire check+write operation should be atomic,
         # but the previous check still gives the opportunity of a race condition. We just live with it.
         # Anyhow, the EFSS should support versioning for such cases.
-        utils.storeWopiFile(flask.request, acctok, utils.LASTSAVETIMEKEY)
+        utils.storeWopiFile(flask.request, retrievedLock, acctok, utils.LASTSAVETIMEKEY)
         log.info('msg="File stored successfully" action="edit" user="%s" filename="%s" token="%s"' %
                  (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:]))
         return 'OK', http.client.OK
@@ -469,4 +449,4 @@ def putFile(fileid):
     except IOError as e:
         log.error('msg="Error writing file" filename="%s" token="%s" error="%s"' %
                   (acctok['filename'], flask.request.args['access_token'], e))
-        return 'I/O Error', http.client.INTERNAL_SERVER_ERROR
+        return IO_ERROR, http.client.INTERNAL_SERVER_ERROR
diff --git a/src/core/wopiutils.py b/src/core/wopiutils.py
index 0dea2d46..f45e1033 100644
--- a/src/core/wopiutils.py
+++ b/src/core/wopiutils.py
@@ -8,7 +8,6 @@
 import os
 import time
 import traceback
-import hashlib
 import json
 from enum import Enum
 from random import choice
@@ -17,12 +16,11 @@
 import http.client
 import flask
 import jwt
+import core.commoniface as common
 
 # this is the xattr key used for conflicts resolution on the remote storage
 LASTSAVETIMEKEY = 'iop.wopi.lastwritetime'
 
-# standard error thrown when attempting to overwrite a file in O_EXCL mode
-EXCL_ERROR = 'File exists and islock flag requested'
 
 # convenience references to global entities
 st = None
@@ -160,30 +158,18 @@ def generateAccessToken(userid, fileid, viewmode, user, folderurl, endpoint, app
     return statinfo['inode'], acctok
 
 
-def getLockName(filename):
-    '''Generates a hidden filename used to store the WOPI locks'''
-    if srv.lockpath:
-        lockfile = filename.split("/files/", 1)[0] + srv.lockpath + 'wopilock.' + \
-                                  hashlib.sha1(filename).hexdigest() + '.' + os.path.basename(filename)
-    else:
-        lockfile = os.path.dirname(filename) + os.path.sep + '.sys.wopilock.' + os.path.basename(filename) + '.'
-    return lockfile
-
-
 def retrieveWopiLock(fileid, operation, lock, acctok, overridefilename=None):
-    '''Retrieves and logs an existing lock for a given file'''
+    '''Retrieves and logs a lock for a given file: returns the lock and its holder, or (None, None) if missing'''
     encacctok = flask.request.args['access_token'][-20:] if 'access_token' in flask.request.args else 'N/A'
-    lockcontent = b''
-    for line in st.readfile(acctok['endpoint'], getLockName(overridefilename if overridefilename else acctok['filename']),
-                            acctok['userid']):
-        if isinstance(line, IOError):
-            return None         # no pre-existing lock found, or error attempting to read it: assume it does not exist
-        # the following check is necessary as it happens to get a str instead of bytes
-        lockcontent += line if isinstance(line, type(lockcontent)) else line.encode()
+    lockcontent = st.getlock(acctok['endpoint'], overridefilename if overridefilename else acctok['filename'], acctok['userid'])
+    if not lockcontent:
+        log.info('msg="%s" user="%s" filename="%s" token="%s" error="No lock found"' %
+                 (operation.title(), acctok['userid'][-20:], acctok['filename'], encacctok))
+        return None, None
     try:
         # check validity: a lock is deemed expired if the most recent between its expiration time and the last
         # save time by WOPI has passed
-        retrievedLock = jwt.decode(lockcontent, srv.wopisecret, algorithms=['HS256'])
+        retrievedLock = jwt.decode(lockcontent['md'], srv.wopisecret, algorithms=['HS256'])
         savetime = st.getxattr(acctok['endpoint'], acctok['filename'], acctok['userid'], LASTSAVETIMEKEY)
         if max(0 if 'exp' not in retrievedLock else retrievedLock['exp'],
                0 if not savetime else int(savetime) + srv.config.getint('general', 'wopilockexpiration')) < time.time():
@@ -195,7 +181,7 @@ def retrieveWopiLock(fileid, operation, lock, acctok, overridefilename=None):
                     'exception="%s"' % (operation.title(), acctok['userid'][-20:], acctok['filename'], encacctok, type(e)))
         # the retrieved lock is not valid any longer, discard and remove it from the backend
         try:
-            st.removefile(acctok['endpoint'], getLockName(acctok['filename']), acctok['userid'], 1)
+            st.unlock(acctok['endpoint'], acctok['filename'], acctok['userid'], acctok['appname'])
         except IOError:
             # ignore, it's not worth to report anything here
             pass
@@ -209,34 +195,43 @@ def retrieveWopiLock(fileid, operation, lock, acctok, overridefilename=None):
         except (IOError, StopIteration) as e:
             log.warning('msg="Unable to delete the LibreOffice-compatible lock file" error="%s"' %
                         ('empty lock' if isinstance(e, StopIteration) else str(e)))
-        return None
-    log.info('msg="%s" user="%s" filename="%s" fileid="%s" lock="%s" retrievedLock="%s" expTime="%s" token="%s"' %
+        return None, None
+    log.info('msg="%s" user="%s" filename="%s" fileid="%s" lock="%s" retrievedlock="%s" expTime="%s" token="%s"' %
              (operation.title(), acctok['userid'][-20:], acctok['filename'], fileid, lock, retrievedLock['wopilock'],
               time.strftime('%Y-%m-%dT%H:%M:%S', time.localtime(retrievedLock['exp'])), encacctok))
-    return retrievedLock['wopilock']
+    return retrievedLock['wopilock'], lockcontent['h']
+
+
+def _makeLock(lock):
+    '''Generates the lock payload given the raw data'''
+    lockcontent = {}
+    lockcontent['wopilock'] = lock
+    # append or overwrite the expiration time
+    lockcontent['exp'] = int(time.time()) + srv.config.getint('general', 'wopilockexpiration')
+    return jwt.encode(lockcontent, srv.wopisecret, algorithm='HS256')
 
 
-def storeWopiLock(operation, lock, acctok, isoffice):
-    '''Stores the lock for a given file in the form of an encoded JSON string (cf. the access token)'''
+def storeWopiLock(fileid, operation, lock, oldlock, acctok, isoffice):
+    '''Stores the lock for a given file in the form of an encoded JSON string'''
     try:
         # validate that the underlying file is still there (it might have been moved/deleted)
         st.stat(acctok['endpoint'], acctok['filename'], acctok['userid'])
     except IOError as e:
         log.warning('msg="%s: target file not found any longer" filename="%s" token="%s" reason="%s"' %
                     (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], e))
-        raise
+        return makeConflictResponse(operation, 'External App', lock, oldlock, acctok['filename'], \
+                                    'The file got moved or deleted')
 
     if isoffice:
         try:
             # first try to look for a MS Office lock
             lockstat = st.stat(acctok['endpoint'], getMicrosoftOfficeLockName(acctok['filename']), acctok['userid'])
-            log.info('msg="WOPI lock denied because of an existing Microsoft Office lock" filename="%s" mtime="%ld"' %
-                     (acctok['filename'], lockstat['mtime']))
-            raise IOError(EXCL_ERROR)
-        except IOError as e:
-            if EXCL_ERROR in str(e):
-                raise
-            #else any other error is ignored here, move on
+            log.info('msg="WOPI lock denied because of an existing Microsoft Office lock" filename="%s" fileid="%s" mtime="%ld"' %
+                     (acctok['filename'], fileid, lockstat['mtime']))
+            return makeConflictResponse(operation, 'External App', lock, oldlock, acctok['filename'], \
+                                        'The file was locked by a Microsoft Office user')    # TODO resolve lockstat['ownerid']
+        except IOError:
+            pass      # any other error is ignored here, move on
 
         try:
             # then create a LibreOffice-compatible lock file for interoperability purposes, making sure to
@@ -246,48 +241,81 @@ def storeWopiLock(operation, lock, acctok, isoffice):
             st.writefile(acctok['endpoint'], getLibreOfficeLockName(acctok['filename']), acctok['userid'], \
                          lockcontent, islock=True)
         except IOError as e:
-            if EXCL_ERROR in str(e):
+            if common.EXCL_ERROR in str(e):
                 # retrieve the LibreOffice-compatible lock just found
                 try:
-                    retrievedlock = next(st.readfile(acctok['endpoint'], \
-                                         getLibreOfficeLockName(acctok['filename']), acctok['userid']))
-                    if isinstance(retrievedlock, IOError):
-                        raise retrievedlock
-                    retrievedlock = retrievedlock.decode('UTF-8')
+                    retrievedlolock = next(st.readfile(acctok['endpoint'], \
+                                           getLibreOfficeLockName(acctok['filename']), acctok['userid']))
+                    if isinstance(retrievedlolock, IOError):
+                        raise retrievedlolock
+                    retrievedlolock = retrievedlolock.decode('UTF-8')
                     # check that the lock is not stale
-                    if datetime.strptime(retrievedlock.split(',')[3], '%d.%m.%Y %H:%M').timestamp() + \
+                    if datetime.strptime(retrievedlolock.split(',')[3], '%d.%m.%Y %H:%M').timestamp() + \
                                          srv.config.getint('general', 'wopilockexpiration') < time.time():
-                        retrievedlock = 'WOPIServer'
+                        retrievedlolock = 'WOPIServer'
                 except (IOError, StopIteration, IndexError, ValueError) as e:
-                    retrievedlock = 'WOPIServer'     # could not read the lock, assume it expired
-                if 'WOPIServer' not in retrievedlock:
+                    retrievedlolock = 'WOPIServer'     # could not read the lock, assume it expired and take ownership
+                if 'WOPIServer' not in retrievedlolock:
                     # the file was externally locked, make this call fail
+                    lockholder = retrievedlolock.split(',')[1] if ',' in retrievedlolock else ''
                     log.warning('msg="WOPI lock denied because of an existing LibreOffice lock" filename="%s" holder="%s"' %
-                                (acctok['filename'], retrievedlock.split(',')[1] if ',' in retrievedlock else retrievedlock))
-                    raise
+                                (acctok['filename'], lockholder if lockholder else retrievedlolock))
+                    return makeConflictResponse(operation, 'External App', lock, oldlock, acctok['filename'], \
+                        'The file was locked by ' + ((lockholder + ' via LibreOffice') if lockholder else 'a LibreOffice user'))
                 #else it's our previous lock or it had expired: all right, move on
+            elif common.ACCESS_ERROR in str(e):
+                # user has no access to the lock file, typically because of accessing a single-file share:
+                # in this case, stat the lock and if it exists assume it is valid (i.e. raise error)
+                try:
+                    lockstat = st.stat(acctok['endpoint'], getLibreOfficeLockName(acctok['filename']), acctok['userid'])
+                    log.info('msg="WOPI lock denied because of an existing LibreOffice lock" filename="%s" mtime="%ld"' %
+                             (acctok['filename'], lockstat['mtime']))
+                    return makeConflictResponse(operation, 'External App', lock, oldlock, acctok['filename'], \
+                                                'The file was locked by a LibreOffice user')   # TODO resolve lockstat['ownerid']
+                except IOError as e:
+                    pass      # lock not found, assume we're clear
             else:
-                # any other error is logged and raised
-                log.error('msg="%s: unable to store LibreOffice-compatible lock" filename="%s" token="%s" lock="%s" reason="%s"' %
-                          (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock, e))
-                raise
+                # any other error is logged but not raised as this is optimistically not blocking WOPI operations
+                log.warning('msg="%s: unable to store LibreOffice-compatible lock" filename="%s" token="%s" lock="%s" reason="%s"' %
+                            (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock, e))
 
     try:
-        # now store the lock as encoded JWT: note that we do not use islock=True, because the WOPI specs require
-        # this operation to be essentially idempotent, so it should not fail if the lock was there or is being
-        # created by another thread.
-        lockcontent = {}
-        lockcontent['wopilock'] = lock
-        # append or overwrite the expiration time
-        lockcontent['exp'] = int(time.time()) + srv.config.getint('general', 'wopilockexpiration')
-        st.writefile(acctok['endpoint'], getLockName(acctok['filename']), acctok['userid'], \
-                     jwt.encode(lockcontent, srv.wopisecret, algorithm='HS256'))
+        # now atomically store the lock as encoded JWT
+        st.setlock(acctok['endpoint'], acctok['filename'], acctok['userid'], acctok['appname'], _makeLock(lock))
         log.info('msg="%s" filename="%s" token="%s" lock="%s" result="success"' %
                  (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock))
+
+        # on first lock, set an xattr with the current time for later conflicts checking
+        try:
+            st.setxattr(acctok['endpoint'], acctok['filename'], acctok['userid'], LASTSAVETIMEKEY, int(time.time()))
+        except IOError as e:
+            # not fatal, but will generate a conflict file later on, so log a warning
+            log.warning('msg="Unable to set lastwritetime xattr" user="%s" filename="%s" token="%s" reason="%s"' %
+                        (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:], e))
+        # also, keep track of files that have been opened for write: this is for statistical purposes only
+        # (cf. the GetLock WOPI call and the /wopi/cbox/open/list action)
+        if acctok['filename'] not in srv.openfiles:
+            srv.openfiles[acctok['filename']] = (time.asctime(), set([acctok['username']]))
+        else:
+            # the file was already opened but without lock: this happens on new files (cf. editnew action), just log
+            log.info('msg="First lock for new file" user="%s" filename="%s" token="%s"' %
+                     (acctok['userid'][-20:], acctok['filename'], flask.request.args['access_token'][-20:]))
+        return 'OK', http.client.OK
+
     except IOError as e:
-        # any other error is logged and raised
-        log.error('msg="%s: unable to store WOPI lock" filename="%s" token="%s" lock="%s" reason="%s"' %
-                  (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock, e))
+        if common.EXCL_ERROR in str(e):
+            # another session was faster than us, or the file was already WOPI-locked:
+            # get the lock that was set
+            retrievedLock, lockHolder = retrieveWopiLock(fileid, operation, lock, acctok)
+            if retrievedLock and not compareWopiLocks(retrievedLock, (oldlock if oldlock else lock)):
+                return makeConflictResponse(operation, retrievedLock, lock, oldlock, acctok['filename'], \
+                            'The file is locked by %s' % (lockHolder if lockHolder != 'wopi' else 'another online editor'))
+            # else it's our lock or it had expired, refresh it and return
+            st.refreshlock(acctok['endpoint'], acctok['filename'], acctok['userid'], acctok['appname'], _makeLock(lock))
+            log.info('msg="%s" filename="%s" token="%s" lock="%s" result="refreshed"' %
+                     (operation.title(), acctok['filename'], flask.request.args['access_token'][-20:], lock))
+            return 'OK', http.client.OK
+        # any other error is raised
         raise
 
 
@@ -331,13 +359,13 @@ def makeConflictResponse(operation, retrievedlock, lock, oldlock, filename, reas
     if reason:
         resp.headers['X-WOPI-LockFailureReason'] = resp.data = reason
     resp.status_code = http.client.CONFLICT
-    log.warning('msg="%s" filename="%s" token="%s" lock="%s" oldLock="%s" retrievedLock="%s" %s' %
+    log.warning('msg="%s: returning conflict" filename="%s" token="%s" lock="%s" oldlock="%s" retrievedlock="%s" reason="%s"' %
                 (operation.title(), filename, flask.request.args['access_token'][-20:], \
-                 lock, oldlock, retrievedlock, ('reason="%s"' % reason if reason else 'result="conflict"')))
+                 lock, oldlock, retrievedlock, (reason if reason else 'N/A')))
     return resp
 
 
-def storeWopiFile(request, acctok, xakey, targetname=''):
+def storeWopiFile(request, retrievedlock, acctok, xakey, targetname=''):
     '''Saves a file from an HTTP request to the given target filename (defaulting to the access token's one),
          and stores the save time as an xattr. Throws IOError in case of any failure'''
     if not targetname:
@@ -345,3 +373,13 @@ def storeWopiFile(request, acctok, xakey, targetname=''):
     st.writefile(acctok['endpoint'], targetname, acctok['userid'], request.get_data())
     # save the current time for later conflict checking: this is never older than the mtime of the file
     st.setxattr(acctok['endpoint'], targetname, acctok['userid'], xakey, int(time.time()))
+    # and reinstate the lock if existing
+    if retrievedlock:
+        st.setlock(acctok['endpoint'], targetname, acctok['userid'], acctok['appname'], _makeLock(retrievedlock))
+
+
+def getuserhome(username):
+    '''Returns the path to the "home" directory for a given user.
+    TODO This is CERN/EOS-specific, to be removed once locking is fully implemented
+    and the logic to store webconflict files can be dropped.'''
+    return '/eos/user/%s/%s' % (username[0], username)
diff --git a/src/core/xrootiface.py b/src/core/xrootiface.py
index 439269b6..d508a412 100644
--- a/src/core/xrootiface.py
+++ b/src/core/xrootiface.py
@@ -12,12 +12,16 @@
 from stat import S_ISDIR
 from base64 import b64encode
 from pwd import getpwnam
+from base64 import urlsafe_b64encode, urlsafe_b64decode
+import json
 from XRootD import client as XrdClient
 from XRootD.client.flags import OpenFlags, QueryCode, MkDirFlags, StatInfoFlags
 
+import core.commoniface as common
+
 EOSVERSIONPREFIX = '.sys.v#.'
 
-ENOENT_MSG = 'No such file or directory'
+EXCL_XATTR_MSG = 'exclusive set for existing attribute'
 
 # module-wide state
 config = None
@@ -34,7 +38,7 @@ def _getxrdfor(endpoint):
     global xrdfs             # pylint: disable=global-statement
     global defaultstorage    # pylint: disable=global-statement
     if endpointoverride:
-       endpoint = endpointoverride
+        endpoint = endpointoverride
     if endpoint == 'default':
         return xrdfs[defaultstorage]
     try:
@@ -56,7 +60,7 @@ def _geturlfor(endpoint):
 
 
 def _eosargs(userid, atomicwrite=0, bookingsize=0):
-    '''Assume userid is in the form uid:gid and split userid into uid,gid
+    '''Assume userid is in the form uid:gid and split it into uid, gid
        plus generate extra EOS-specific arguments for the xroot URL'''
     try:
         # try to assert that userid must follow a '%d:%d' format
@@ -68,7 +72,7 @@ def _eosargs(userid, atomicwrite=0, bookingsize=0):
         return '?eos.ruid=%d&eos.rgid=%d' % (ruid, rgid) + '&eos.app=' + ('fuse::wopi' if not atomicwrite else 'wopi') + \
                (('&eos.bookingsize='+str(bookingsize)) if bookingsize else '')
     except (ValueError, IndexError):
-        raise ValueError('Only Unix-based userid is supported with xrootd storage')
+        raise ValueError('Only Unix-based userid is supported with xrootd storage: %s' % userid)
 
 
 def _xrootcmd(endpoint, cmd, subcmd, userid, args):
@@ -87,8 +91,11 @@ def _xrootcmd(endpoint, cmd, subcmd, userid, args):
             if rc != '0':
                 # failure: get info from stderr, log and raise
                 msg = res[1][res[1].find('=')+1:].strip('\n')
-                if ENOENT_MSG.lower() in msg:
-                    log.info('msg="Invoked xroot on non-existing file" cmd="%s" subcmd="%s" args="%s" error="%s" rc="%s"' % \
+                if common.ENOENT_MSG.lower() in msg or 'unable to get attribute' in msg:
+                    log.info('msg="Invoked xroot on non-existing entity" cmd="%s" subcmd="%s" args="%s" error="%s" rc="%s"' % \
+                             (cmd, subcmd, args, msg, rc.strip('\00')))
+                elif EXCL_XATTR_MSG in msg:
+                    log.info('msg="Invoked setxattr on an already locked entity" cmd="%s" subcmd="%s" args="%s" error="%s" rc="%s"' % \
                              (cmd, subcmd, args, msg, rc.strip('\00')))
                 else:
                     log.error('msg="Error with xroot" cmd="%s" subcmd="%s" args="%s" error="%s" rc="%s"' % \
@@ -139,7 +146,9 @@ def stat(endpoint, filepath, userid):
     rc, statInfo = _getxrdfor(endpoint).stat(filepath + _eosargs(userid))
     tend = time.time()
     log.info('msg="Invoked stat" filepath="%s" elapsedTimems="%.1f"' % (filepath, (tend-tstart)*1000))
-    if statInfo is None:
+    if not statInfo:
+        if common.ENOENT_MSG in rc.message:
+            raise IOError(common.ENOENT_MSG)
         raise IOError(rc.message.strip('\n'))
     if statInfo.flags & StatInfoFlags.IS_DIR > 0:
         raise IOError('Is a directory')
@@ -174,8 +183,8 @@ def statx(endpoint, fileid, userid, versioninv=0):
     if '[SUCCESS]' not in str(rc) or not statInfo:
         raise IOError(str(rc).strip('\n'))
     statInfo = statInfo.decode()
-    if 'retc=2\\x00' in statInfo:
-        raise IOError(ENOENT_MSG)     # convert ENOENT
+    if 'stat: retc=2' in statInfo:
+        raise IOError(common.ENOENT_MSG)     # convert ENOENT
     if 'retc=' in statInfo:
         raise IOError(statInfo.strip('\n'))
     statxdata = statInfo.split()
@@ -236,26 +245,85 @@ def statx(endpoint, fileid, userid, versioninv=0):
     }
 
 
-def setxattr(endpoint, filepath, userid, key, value):
-    '''Set the extended attribute <key> to <value> via a special open on behalf of the given userid'''
-    _xrootcmd(endpoint, 'attr', 'set', userid, 'mgm.attr.key=user.' + key + '&mgm.attr.value=' + str(value) + \
+def setxattr(endpoint, filepath, _userid, key, value):
+    '''Set the extended attribute <key> to <value> via a special open.
+    The userid is overridden to make sure it also works on shared files.'''
+    _xrootcmd(endpoint, 'attr', 'set', '0:0', 'mgm.attr.key=user.' + key + '&mgm.attr.value=' + str(value) + \
               '&mgm.path=' + _getfilepath(filepath, encodeamp=True))
 
 
-def getxattr(endpoint, filepath, userid, key):
-    '''Get the extended attribute <key> via a special open on behalf of the given userid'''
-    res = _xrootcmd(endpoint, 'attr', 'get', userid, 'mgm.attr.key=user.' + key + '&mgm.path=' + _getfilepath(filepath, encodeamp=True))
-    # if no error, the response comes in the format <key>="<value>"
+def getxattr(endpoint, filepath, _userid, key):
+    '''Get the extended attribute <key> via a special open.
+    The userid is overridden to make sure it also works on shared files.'''
     try:
+        res = _xrootcmd(endpoint, 'attr', 'get', '0:0', \
+                        'mgm.attr.key=user.' + key + '&mgm.path=' + _getfilepath(filepath, encodeamp=True))
+        # if no error, the response comes in the format <key>="<value>"
         return res.split('"')[1]
-    except IndexError:
-        log.warning('msg="Failed to getxattr" filepath="%s" key="%s" res="%s"' % (filepath, key, res))
+    except (IndexError, IOError):
         return None
 
 
-def rmxattr(endpoint, filepath, userid, key):
-    '''Remove the extended attribute <key> via a special open on behalf of the given userid'''
-    _xrootcmd(endpoint, 'attr', 'rm', userid, 'mgm.attr.key=user.' + key + '&mgm.path=' + _getfilepath(filepath, encodeamp=True))
+def rmxattr(endpoint, filepath, _userid, key):
+    '''Remove the extended attribute <key> via a special open.
+    The userid is overridden to make sure it also works on shared files.'''
+    _xrootcmd(endpoint, 'attr', 'rm', '0:0', 'mgm.attr.key=user.' + key + '&mgm.path=' + _getfilepath(filepath, encodeamp=True))
+
+
+def _getLegacyLockName(filename):
+    '''Generates the legacy hidden filename used to store the WOPI locks'''
+    return os.path.dirname(filename) + os.path.sep + '.sys.wopilock.' + os.path.basename(filename) + '.'
+
+
+def setlock(endpoint, filepath, userid, appname, value):
+    '''Set a lock as an xattr with the given value metadata and appname as holder.
+    The special option "c" (create-if-not-exists) is used to be atomic'''
+    try:
+        log.debug('msg="Invoked setlock" filepath="%s"' % filepath)
+        setxattr(endpoint, filepath, userid, common.LOCKKEY, \
+                 urlsafe_b64encode(common.genrevalock(appname, value).encode()).decode() + '&mgm.option=c')
+    except IOError as e:
+        if EXCL_XATTR_MSG in str(e):
+            raise IOError(common.EXCL_ERROR)
+
+
+def getlock(endpoint, filepath, userid):
+    '''Get the lock metadata as an xattr'''
+    l = getxattr(endpoint, filepath, userid, common.LOCKKEY)
+    if l:
+        return json.loads(urlsafe_b64decode(l).decode())
+    # try and read it from the legacy lock file for the time being
+    l = b''
+    for line in readfile(endpoint, _getLegacyLockName(filepath), '0:0'):
+        if isinstance(line, IOError):
+            return None         # no pre-existing lock found, or error attempting to read it: assume it does not exist
+        # the following check is necessary as it happens to get a str instead of bytes
+        l += line if isinstance(line, type(l)) else line.encode()
+    return {'h': 'wopi', 'md' : l}     # this is temporary
+
+
+def refreshlock(endpoint, filepath, userid, appname, value):
+    '''Refresh the lock value as an xattr'''
+    log.debug('msg="Invoked refreshlock" filepath="%s"' % filepath)
+    l = getlock(endpoint, filepath, userid)
+    if not l:
+        raise IOError('File was not locked')
+    if l['h'] != appname and l['h'] != 'wopi':
+        raise IOError('File is locked by %s' % l['h'])
+    # this is non-atomic, but the lock was already held
+    setxattr(endpoint, filepath, userid, common.LOCKKEY, \
+             urlsafe_b64encode(common.genrevalock(appname, value).encode()).decode())
+
+
+def unlock(endpoint, filepath, userid, _appname):
+    '''Remove a lock as an xattr'''
+    log.debug('msg="Invoked unlock" filepath="%s"' % filepath)
+    try:
+        # try and remove the legacy lock file as well for the time being
+        removefile(endpoint, _getLegacyLockName(filepath), userid, force=True)
+    except IOError:
+        pass
+    rmxattr(endpoint, filepath, userid, common.LOCKKEY)
 
 
 def readfile(endpoint, filepath, userid):
@@ -268,9 +336,9 @@ def readfile(endpoint, filepath, userid):
         tend = time.time()
         if not rc.ok:
             # the file could not be opened: check the case of ENOENT and log it as info to keep the logs cleaner
-            if ENOENT_MSG in rc.message:
+            if common.ENOENT_MSG in rc.message:
                 log.info('msg="File not found on read" filepath="%s"' % filepath)
-                yield IOError(ENOENT_MSG)
+                yield IOError(common.ENOENT_MSG)
             else:
                 log.warning('msg="Error opening the file for read" filepath="%s" code="%d" error="%s"' % \
                             (filepath, rc.shellcode, rc.message.strip('\n')))
@@ -301,7 +369,7 @@ def writefile(endpoint, filepath, userid, content, islock=False):
         if islock and 'File exists' in rc.message:
             # racing against an existing file
             log.info('msg="File exists on write but islock flag requested" filepath="%s"' % filepath)
-            raise IOError('File exists and islock flag requested')
+            raise IOError(common.EXCL_ERROR)
         # any other failure is reported as is
         log.warning('msg="Error opening the file for write" filepath="%s" error="%s"' % (filepath, rc.message.strip('\n')))
         raise IOError(rc.message.strip('\n'))
@@ -329,9 +397,9 @@ def renamefile(endpoint, origfilepath, newfilepath, userid):
               '&mgm.file.target=' + _getfilepath(newfilepath, encodeamp=True))
 
 
-def removefile(endpoint, filepath, userid, force=0):
+def removefile(endpoint, filepath, userid, force=False):
     '''Remove a file via a special open on behalf of the given userid.
-    If force=1 or True, then pass the f option, that is skip the recycle bin.
+    If force then pass the f option, that is skip the recycle bin.
     This is useful for lock files, but as it requires root access the userid is overridden.'''
     if force:
         userid = '0:0'
diff --git a/src/wopiserver.py b/src/wopiserver.py
index 791aa074..ae6e7ac4 100755
--- a/src/wopiserver.py
+++ b/src/wopiserver.py
@@ -410,10 +410,10 @@ def wopiFilesPost(fileid):
             return 'Attempting to perform a write operation using a read-only token', http.client.UNAUTHORIZED
         if op in ('LOCK', 'REFRESH_LOCK'):
             return core.wopi.setLock(fileid, headers, acctok)
-        if op == 'UNLOCK':
-            return core.wopi.unlock(fileid, headers, acctok)
         if op == 'GET_LOCK':
             return core.wopi.getLock(fileid, headers, acctok)
+        if op == 'UNLOCK':
+            return core.wopi.unlock(fileid, headers, acctok)
         if op == 'PUT_RELATIVE':
             return core.wopi.putRelative(fileid, headers, acctok)
         if op == 'DELETE':
diff --git a/test/wopiserver-test.conf b/test/wopiserver-test.conf
index b10bfdaa..a931a7a0 100644
--- a/test/wopiserver-test.conf
+++ b/test/wopiserver-test.conf
@@ -23,8 +23,8 @@ endpoint = 123e4567-e89b-12d3-a456-426655440000
 storagehomepath = /home
 
 [xroot]
-storageserver = root://eoshome-i00
+storageserver = root://eoshomecanary
 userid = 0:0
-endpoint = root://eoshome-i00
+endpoint = root://eoshomecanary
 storagehomepath = /eos/dev/test/instancetest