Re: [art] ART Area Review for draft-ietf-calext-caldav-attachments-02
"Roy T. Fielding" <fielding@gbiv.com> Mon, 22 May 2017 22:19 UTC
Return-Path: <fielding@gbiv.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB5F11293E4; Mon, 22 May 2017 15:19:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level:
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gbiv.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kEkQWFa2iKT; Mon, 22 May 2017 15:19:38 -0700 (PDT)
Received: from homiemail-a124.g.dreamhost.com (sub5.mail.dreamhost.com [208.113.200.129]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CABD81272E1; Mon, 22 May 2017 15:19:38 -0700 (PDT)
Received: from homiemail-a124.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a124.g.dreamhost.com (Postfix) with ESMTP id 3C33560000D00; Mon, 22 May 2017 15:19:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=Nz05IO1NsBfpXtaFlaWPXuvDnSo=; b=ZgLihgmtrCpKC/VviNR09HBmPn0J ALjXorRrieRDaDJqwskdlPGte5zsdP8gZ6LFnT7qlzoUk4504psaxIWfK9wvxzxb m8UjMShYowoZ9iy+dlEnPDEnDm551TLMAyRf2qnokRcnteqgk2llHYm/Gecmo0oJ OWsUJ0cqCk3UpGw=
Received: from [192.168.1.11] (ip68-228-71-159.oc.oc.cox.net [68.228.71.159]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by homiemail-a124.g.dreamhost.com (Postfix) with ESMTPSA id 1739560001B0A; Mon, 22 May 2017 15:19:38 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <07f64bc5-13f6-62a0-3c04-91c780f69672@andrew.cmu.edu>
Date: Mon, 22 May 2017 15:19:37 -0700
Cc: Julian Reschke <julian.reschke@gmx.de>, IETF Discussion <ietf@ietf.org>, art@ietf.org, Cyrus Daboo <cyrus@daboo.name>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4803F47E-B29C-440A-91EA-F0D115208A53@gbiv.com>
References: <c04f39e2-79d2-ab9d-59ab-26e51d7ab5fc@gmx.de> <81613220-989b-ca78-fe56-0ac7b19e7ce6@andrew.cmu.edu> <b2a4924d-c7c9-b40b-484f-9fab48bfe5de@gmx.de> <a603f3de-2d96-6f86-e0c3-3e0a4884a185@andrew.cmu.edu> <7bcfecea-3a89-978c-9e1b-edf9aac5dd44@gmx.de> <07f64bc5-13f6-62a0-3c04-91c780f69672@andrew.cmu.edu>
To: Ken Murchison <murch@andrew.cmu.edu>
X-Mailer: Apple Mail (2.2104)
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/kjrkRQyNDzrtPjlZQgXZm3iSroY>
Subject: Re: [art] ART Area Review for draft-ietf-calext-caldav-attachments-02
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 22:19:41 -0000
> On May 22, 2017, at 11:59 AM, Ken Murchison <murch@andrew.cmu.edu> wrote: > On 05/17/2017 09:58 AM, Julian Reschke wrote: >> On 2017-05-17 15:07, Ken Murchison wrote: >>> ... >>>> Only for creation of the attachment. Once is has been created, it >>>> should have its own URI, and the usual HTTP methods should be applicable. >>> >>> Using HTTP methods directly on the attachment URI makes things more >>> difficult because the calendar resource(s) referencing the attachment >>> also need to be updated. This would have to be done either as a >>> side-effect of the PUT/DELETE on the attachment, or as a separate PUT >>> (and separate round-trips) on the resource(s). The desire was to avoid >>> doing either one of these, which is why a POST on the calendar resource >>> was chosen as the method to add/update/delete an attachment from a >>> calendar resource. >> >> But the POST is *not* on the calendar resource, but on the calendar resource + query parameters, which, from HTTP's point of view is a different resource already. >> >> Furthermore, what URIs are used is orthogonal to the question of which methods to use. >> >> Why is >> >> POST /calendar-entry?action=remove&attachment=xyz >> >> easier to process than >> >> DELETE /calendar-entry?attachment=xyz >> >> or >> >> DELETE /calendar-entry/attachments/xyz >> >> ? > > The issue here is that a single calendar resource may contain multiple events (recurring event with overrides) and a particular attachment may be associated with more than one instance of that event. For this reason, we felt it best to use the calendar resource as the gateway to the attachments, thus allowing manipulating multiple instances of an attachment in a single round-trip. Also, by preventing clients from manipulating attachments directly, a CalDAV server isn't forced to alter all calendar resources associated with a particular attachment. But that isn't relevant to the choices here. HTTP is not a filesystem. A single implementation (e.g., caldav resource) can handle a wide variety of URLs (identified HTTP resources) with all sorts of co-dependencies in the state represented by those resources. They are all part of the calendar. The method states the kind of action being made. Likewise, an identifier for the attachment associated with the calendar entry doesn't have to be the same as the identifiers for interacting with the attachment directly. For example, the calendar might provide one identifier for the original attachment, a second for the attachment currently applicable to a given instance of an entry, and a third for updating future instances of that repeating event (i.e., all defined by the server, not the protocol). In any case, one of the cornerstones of caldav practice is that caldav provides just one interface to an abstract Calendar database normally accessed via many different protocols/systems. The Calendar should already be maintaining coherence between entries and attachments, just like it shouldn't require a new entry be created every time the invitation list is expanded. > We also have a fairly large number of deployed implementations which we do not want to make non-compliant by substantially modifying the protocol. At this point, specifying the use of HTTP methods other than POST would indeed make existing implementations non-compliant. Specifying method actions within URL query strings is well-known to be bad practice. However, if you are okay with specifying an IETF protocol that contains obviously bad practice in its application of HTTP, a minimum would be to reference section 4.2.1 of RFC7231, where it states: When a resource is constructed such that parameters within the effective request URI have the effect of selecting an action, it is the resource owner's responsibility to ensure that the action is consistent with the request method semantics. For example, it is common for Web-based content editing software to use actions within query parameters, such as "page?do=delete". If the purpose of such a resource is to perform an unsafe action, then the resource owner MUST disable or disallow that action when it is accessed using a safe request method. Failure to do so will result in unfortunate side effects when automated processes perform a GET on every URI reference for the sake of link maintenance, pre-fetching, building a search index, etc. > We would definitely like to make this protocol conform to current HTTP practice where possible, and would also document where we have strayed from existing practice if required to do so. Do you think we can come to some kind of consensus that meets these goals? > > -- > Kenneth Murchison > Principal Systems Software Engineer > Carnegie Mellon University I honestly don't see how this can be considered an extension of WebDAV and yet have such a profound misunderstanding of method semantics. Other applications of HTTP might be expected to work around PUT/DELETE, but not a WebDAV server. Likewise, defining a protocol in terms of predefined URL patterns and specific query components is fundamentally incompatible with REST. OTOH, it's not the first time this has come up. HTTP provides plenty of rope, for good reasons, and these types of choices seem only to harm those using the rope. Maybe a future version will just use HTTP. Cheers, Roy T. Fielding <http://roy.gbiv.com/> Senior Principal Scientist, Adobe <https://www.adobe.com/>
- [art] ART Area Review for draft-ietf-calext-calda… Julian Reschke
- Re: [art] ART Area Review for draft-ietf-calext-c… Ken Murchison
- Re: [art] ART Area Review for draft-ietf-calext-c… Julian Reschke
- Re: [art] ART Area Review for draft-ietf-calext-c… Ken Murchison
- Re: [art] ART Area Review for draft-ietf-calext-c… Cyrus Daboo
- Re: [art] ART Area Review for draft-ietf-calext-c… Cyrus Daboo
- Re: [art] ART Area Review for draft-ietf-calext-c… Julian Reschke
- Re: [art] ART Area Review for draft-ietf-calext-c… Julian Reschke
- Re: [art] ART Area Review for draft-ietf-calext-c… Ken Murchison
- Re: [art] ART Area Review for draft-ietf-calext-c… Roy T. Fielding
- Re: [art] ART Area Review for draft-ietf-calext-c… Julian Reschke
- Re: [art] ART Area Review for draft-ietf-calext-c… Julian Reschke