Re: [Geopriv] WGLC: draft-ietf-geopriv-http-location-delivery-09.txt

From: Thomson, Martin ^lt;>
Date: Sun Sep 28 2008 - 19:56:48 EDT

With regards to the use of POST, the action performed does not meet the "safe" criteria. As a result of the request, the server may be required to perform certain actions. The most significant being the taking of measurements and the creation of temporary resources (the location URI).

(It is safer to assume that the request is not idempotent either, particularly where location URIs are involved.)


> -----Original Message-----
> From: [] On
> Behalf Of Julian Reschke
> Sent: Friday, 26 September 2008 11:06 PM
> To: Tschofenig, Hannes (NSN - FI/Espoo)
> Subject: Re: [Geopriv] WGLC: draft-ietf-geopriv-http-location-delivery-
> 09.txt
> Tschofenig, Hannes (NSN - FI/Espoo) wrote:
> >> Hi,
> >>
> >> here are some comments about the usage of HTTP (I have to
> >> point out that I made these before :-).
> >>
> >> 1) I think it's unwise to marshall error messages with a status of
> 200.
> >
> > A perfectly fine mechanism when the error is not at the HTTP layer
> but
> > at the application running on top of HTTP.
> Well yes, if you use HTTP just for tunneling.
> However, tunneling has drawbacks; for instance you loose the inherent
> HTTP semantics for error responses (consider cacheability, or all the
> interesting additional information 4xx/5xx messages can carry, such as
> authentication triggers, detection of broken payload, or temporary
> server unavailability).
> >> 2) It's not totally clear why the protocol relies on POST (an
> >> unsafe method), when it's really just a query mechanism. Was
> >> GET with parameters really considered?
> >
> > Why do you think POST is unsafe in this application?
> It isn't in *this* application, but it is in general in HTTP.
> This spec uses HTTP as transport, and thus I think it would be good to
> use it in the best possible way. For instance, when you use existing
> HTTP libraries (and I assumed that's what you want), by using POST you
> loose the ability to automatically follow redirects.
> BR, Julian
> _______________________________________________
> Geopriv mailing list

This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.
If you have received it in error, please notify the sender
immediately and delete the original. Any unauthorized use of
this email is prohibited.
Geopriv mailing list
Received on Sun, 28 Sep 2008 18:56:48 -0500

This archive was generated by hypermail 2.1.8 : Sun Sep 28 2008 - 19:57:11 EDT