IETF Logo Mail Archive

Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)

Barry Leiba <barryleiba@computer.org> Thu, 10 September 2020 16:31 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61C503A0E0B; Thu, 10 Sep 2020 09:31:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QUaB0Zy1HS8w; Thu, 10 Sep 2020 09:31:13 -0700 (PDT)
Received: from mail-io1-f47.google.com (mail-io1-f47.google.com [209.85.166.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A63F33A0DA1; Thu, 10 Sep 2020 09:31:13 -0700 (PDT)
Received: by mail-io1-f47.google.com with SMTP id b6so7749207iof.6; Thu, 10 Sep 2020 09:31:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=xw707rscEbmTNnyYmIqptcP8VrrHCap9GWQ7BrRyJ6w=; b=E32uu+U/wFNkY867wSsZPidlzaL2DukA1Z4QhEZVJCxDDbWWVb2CNS7MNAbaM1V3sP oBsdOlkzSXBdIfbcf6lJtuuwvVOjvAuV+znzGNi7DSX4BbLDcfeKHjh4G5bRWFJ1XeDW Q+ggS0ZKI6ZJkQmNg6gTqRLNB6tOwQ2ryTgnxIP3iMHmH/mG1TPFo6lr056Edr9LwXPi jdmx1wCDun0jMxF+4eLfkNej83Z77WB/Ok7tuH3lCvRfGgNCnM+meumAT+MVGMhh3gI+ gD9J8GsnGw/l5Mizboz/5dSuqfMaLaZ3DPnNSIgdKK2VGJVjjH5XEHOWiXP7RPY9y3HW OvwA==
X-Gm-Message-State: AOAM533iC3EPjxSbRQulqKQD+Aom+KO87HmKvQPNzPKWqDu8Rj6NsCT4 PazwU8lh/SOueAM+yfzH0BeUWgznpSvqvq1iFF+uONSzRzE=
X-Google-Smtp-Source: ABdhPJyVurPPthrhYP+PogVuvgWZiPT0qWc9xRtHgPsZLlFGeQRRaUJOW6tIvyDYw3Ww/16d3HHC6Sh+bjtWxOjkEyc=
X-Received: by 2002:a6b:e718:: with SMTP id b24mr8501855ioh.9.1599755472655; Thu, 10 Sep 2020 09:31:12 -0700 (PDT)
MIME-Version: 1.0
References: <159966323879.8094.15005725001447785927@ietfa.amsl.com> <EFA2643E-6A3D-48A9-A02F-C02C0E3E0B97@mnot.net> <752C5863-F10A-44A4-8459-CBF7529C14CC@cooperw.in>
In-Reply-To: <752C5863-F10A-44A4-8459-CBF7529C14CC@cooperw.in>
From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 10 Sep 2020 12:31:01 -0400
Message-ID: <CALaySJ+NL4u6SmuXXding9y6E6OYVj_7=Pnr=St=6f5vn_4SiQ@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: Mark Nottingham <mnot@mnot.net>, httpapi@ietf.org, IESG <iesg@ietf.org>, httpapi-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/-jsiY-faa7SdwXMUYOK1bg-EUVA>
Subject: Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 16:31:26 -0000

The -00-01 version of the proposed charter includes Mark's latest
edits.  Alissa, will you check it and let us know what you think?

Thanks,
Barry

On Thu, Sep 10, 2020 at 8:44 AM Alissa Cooper <alissa@cooperw.in> wrote:
>
> Hi Mark,
>
> > On Sep 9, 2020, at 9:15 PM, Mark Nottingham <mnot@mnot.net> wrote:
> >
> > Hi Alissa (et al),
> >
> > Apologies, I missed many of the previous charter comments (there was some confusion about list creation -- it seems not many people were told), so I'll respond to some previous ones here.
> >
> > (For folks who have just joined the list: this is the IESG's discussion of whether to adopt the WG charter; see <https://datatracker.ietf.org/doc/charter-ietf-httpapi/ballot/> and feel free to chime in).
> >
> >> On 10 Sep 2020, at 12:53 am, Alissa Cooper via Datatracker <noreply@ietf.org> wrote:
> >>
> >> I agree with Martin.
> >
> > Martin's comment was:
> >
> >> from the charter I have no idea what portion of this large problem space constitutes the short-term objectives of this group.
> >
> > As discussed in DISPATCH, this is purposefully not proposed with immediate milestones. To date, we've done some API-related work in the HTTP WG (e.g., Signatures), and in many ways this proposal is simply splitting that work out into a separate group to make it more accessible to its target community.
> >
> > So, to Murray and Roman's comments, yes this is intended to be a standing group -- *if* it is healthy. I would consider it on probation for at least 6-9 months, to see if it's able to have good interaction with the rest of the API community and be productive; if not, as I've said many times I'll be the one most loudly calling for it to be shut down.
>
> I would say we put that in the charter then, so everyone agrees to revisit on the same time frame.
>
> >
> > There are a number of potential drafts out there that the group could adopt, but I'd rather see a CfAs happen in the group, rather than as part of the chartering process; that will help form the community and give it ownership over what's going on (and will give it some experience running the CfA process). I gave a talk about API standards and linked to the mailing list last night, and so far the mailing list has almost 20 new members -- many who AFAICT are new to the IETF and also actively practicing in this area.
> >
> > So if the IESG insists, we can add a few initial drafts as milestones, but for the reasons above I have a fairly strong preference not to.
> >
> >> In particular, I am wondering how the WG will define "specific use cases or applications" as referred to where the text says, "this WG will not take on work items for APIs for specific use cases or applications."
> >
> > It says the WG will *not* do those things.
>
> Right, my question is how do you know which things you won’t do?
>
> >
> > That text is intended to prevent the WG from defining specific APIs. For example, if someone wants to create a HTTP API for DNS (to use a recent example), this group wouldn't be an appropriate place to do that.
>
> I think for applications it’s clearer, but what is a “specific use case”? To use your example above, let’s say my use case is that I want to be able to digitally sign the contents of HTTP messages. Since that is apparently in scope for the WG, why does it not count as a “specific use case”? I’m not arguing with the limitation, I’m just hoping to have the charter be more expressive in describing the boundary.
>
> >
> >> I agree with Magnus that it is unclear whether the third bullet encompasses work that the WG will do or not.
> >
> > The intent there was that the group could talk about proposals for new status codes, but would need to defer their actual standardisation to the HTTP WG (since in HTTP status codes, like methods, are generic and not supposed to be specific to any application or even type of application).
>
> Ok. It shouldn’t be in a bulleted list of what the WG’s outputs will be, but maybe can be described in its own paragraph.
>
> Alissa
>
> >
> > I'm open to figuring out another way to do this -- and maybe the charter doesn't need to be so specific (or maybe it needs to be more?). But I think it's generally safer for restricted items like status codes and methods to go through the HTTP WG; we've been burned before on this (e.g., see WEBDAV).
> >
> >> The first sentence is clunky. I would suggest "In addition to its use for web browsing, HTTP is often used for machine-to-machine communication, facilitated by HTTP APIs."
> >
> > Fine by me.
> >
> > Some other responses --
> >
> > Erik K said 'I still think the working group name might be shortened by removing "ttp".'
> >
> > I don't think that would be wise; not only would it remove the reinforcement of the term 'HTTP API' (terminology has been a problem for a while in this area), but it would also conflict with Eran Hammer Lahev's HAPI framework for building HTTP services. I also find that the IETF's penchant for cute names can be confusing and off-putting to outsiders.
> >
> > Éric asks 'Should there also be a link with the CoRE WG?'
> >
> > Definitely not. CORE is not HTTP, and requiring coordination there would be burdensome to both communities. If the IESG is going to insist on coordination between HTTP and CORE, we have a *much* bigger discussion at our feet.
> >
> > Ben wonders about TLS mutual authentication. I suspect that TLS extensions are out of scope for this community, but gauging interest in / requirements for doing it from HTTP APIs here could be useful.
> >
> > Roman asks 'As written, does all HTTP for web browser go to HTTPbis; and machine-to-machine comes here?'
> >
> > That's a rough yardstick;  I expect there to be fairly close communication and coordination between the groups about potential work. This isn't that unusual in the IETF; e.g., I've seen work items go from SECDISPATCH to DISPATCH and then to the HTTP WG, with a fair amount of back-channel coordination between the relevant WG chairs and ADs.
> >
> > I'd also observe that from discussions I've had, this split makes sense to HTTP folks; it might not from a greater distance, but I do think it'll work.
> >
> > Cheers,
> >
> > --
> > Mark Nottingham   https://www.mnot.net/
> >
>

v2.23.0 | Report a Bug | By Email