Re: Past LC comments on draft-ietf-geopriv-http-location-delivery-08

Lisa Dusseault wrote:

I believe I instigated the creation of a new URI scheme for HELD.That's not to say, however, that I or the IESG required that solution --to elaborate on what Martin said, I raised some issues, and the URIscheme was added after my review, but other solutions might work insteadof new URI schemes.
The discussions started in a bar in San Diego (unminuted). After thatthere was list email. The issues that I was trying to help the WG address:- When an HTTP URI is found in an email, blog, etc, the operatingsystem launches a Web browser. However, a Web browser doesn't know howto formulate a HELD request, and even if it did know how, it wouldn'tknow when/whether.


Yes. Understood.

Can somebody rephrase this is as a use case? I may not understand thegeopriv stuff sufficiently to grok where the problem is.


The spec already defines a custom MIME type (good!).

Is the concern that a client that does a GET on an HTTP URI, and receivea response with that MIME type, still wouldn't know whether it's seeinga genuine HELD response, or just some static XML document served by aweb server?

In that case I think a new response header, or some use of OPTIONS wouldbe a simpler way to achieve that.

- When location URIs appear in another context -- let's say, anotherprotocol or a data format -- it can be helpful to be able to limit whatkind of URIs appear in that context. Limiting by saying "These URIsmust be of this URI scheme" is an easy way to do so.
Both of these problems can be solved in other ways besides defining anew URI scheme.
That said, a new URI scheme does help with both problems, and it doeshighlight the issue that most regular HTTP requests (e.g. a GET withouta body) are not standardized or interoperable under HELD. It should beOK to use a new URI scheme in the target of an HTTP request, after allthat's a well-defined point of HTTP extensibility in theory, and I'm notaware of major client or server library limitations that would preventuse in practice. If it has to be made explicit in the document thatdefines the URI schemes, so be it -- I believe it was implicit but obvious.


As far as I can tell there are several problems with that:

- RFC2616 requires servers to understand requests with an absoluteURI asrequest-URI, but it also tells HTTP/1.1 clients not to use it (exceptwhen talking to proxies); so you're moving outside the HTTP/1.1 spec

- existing client libraries (such as XHR or Apache HttpClient) do notsupport this format (and why should they?), so how do you get therequest on the wire if not by writing a custom http stack?

- how do you implement a server on top of existing HTTP frameworks, suchas in a Java servlet container? Are there extension hooks that allow this?


So, has this been *tested*?

I'm aware of the W3C TAG recommendations on new URI schemes. Their TRsays " Good practice: Reuse URI schemes. A specification SHOULD reusean existing URI scheme (rather than create a new one) when it providesthe desired properties of identifiers and their relation to resources."Some of their notes say for example: "You need to demonstrate there is abar for URIs [new schemes] doing what you want or there is a huge valueadd". We can debate whether this example is a big value-add and whetherthe HTTP URI fails to express that a client needs to do a custom GETrequest, but given those caveats and the lack of an official IESG orIETF position on this, I believe there's some consistency between W3CTAG recommendations and IETF usage, and potentially this specific usage.


Maybe, maybe not.

It would be helpful if somebody would explain why HTTP does not workhere. For instance, where's the difference to WebDAV or AtomPub thatrequires a whole new identification scheme?


BR, Julian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf