IETF Logo Mail Archive

Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)

Alissa Cooper <alissa@cooperw.in> Thu, 10 September 2020 16:59 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 134F23A0E41; Thu, 10 Sep 2020 09:59:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=MHKxekeL; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=YsD7Z7fz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zlo3VXUxK8F; Thu, 10 Sep 2020 09:59:39 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FF223A0E31; Thu, 10 Sep 2020 09:59:38 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 9348A5C010D; Thu, 10 Sep 2020 12:59:37 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Thu, 10 Sep 2020 12:59:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=r YBcNv2P9G78mUQSH1oVEvYpg0cV4Vks08+Enyat3Fs=; b=MHKxekeLUqLlbiZWY 9wdhTh6l54FHyhLi5ddB8q+7vdhPLVypcV13yEZ9QESUNRbGK8hhv+ElwdoqhFOl 4S+41LLnZXg8Ff31B6uF1/lVADhSbecXdkI9z8Ga3hRdyxczrSPrKwI0PH9hUKVP W6g1smeRHyuEbEa1puGxK37oPiiTloJZA0ggUR77z63Kezm851ROiSKhw3Qx0V+z JxOZt+QWgq9Ba4UCst/6P03mxuXxeOlZpDbIk3JtdYDVtYiX5XlyAdH9T4swyjmX 13ulHxYNzGrafP9YIBy4ptpSRjgkwAwXyAiy61NIM9QngEaCBwXeuqJU0eZGrnUy Hy7sQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=rYBcNv2P9G78mUQSH1oVEvYpg0cV4Vks08+Enyat3 Fs=; b=YsD7Z7fzm3/q91zC9mGLyIr4RKRIGJQxtOc+faZ3n+Vc25ENvmeBtxVDC /C76hBNPSlHR281yKPUqTVt9Z4NsVIceu3gFpYgahnCim2VB0e/8gUhWMMjDUsCR /qIlxExOpea8nOCq5QrEiAHEkScM/CSNYVcz3X83+B4wTLQ1vlGK4O3BQUQq3KEK O/GgzlTLDClKjxp8FQGgap5/U0YhVqVmZVjpGHVgu/H5O7+zU1SF0oQ9LrnXP7Ij O3Urn6DXQDrOXwFWBzgFpJWUnVC+HPE7vaUOu96/NLTTA2dJZsojaX5vQHXP6rBf oUlHQuJdyiBRfXkX6lCwJHa/IlN7w==
X-ME-Sender: <xms:eVtaX1-F_TxEzjTdPVzYNjyN8UvC0hQKkXNndO5ADjjuZpKs4yNmCQ> <xme:eVtaX5s_T1u9jqTmt1p4LQftgL5S7jkM_7vPosIuR4Aa1MnYQ4IiAMR854DQEWe70 MW3yl-nNlJNdARqOA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudehjedguddtudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpegtggfuhfgjfffgkfhfvffosehtqhhmtdhhtdejnecuhfhrohhmpeetlhhi shhsrgcuvehoohhpvghruceorghlihhsshgrsegtohhophgvrhifrdhinheqnecuggftrf grthhtvghrnhepleevkeeiueelgedvhfdtvdetvdekffeiteekteffveehtdetveeifedv teelteeknecuffhomhgrihhnpehivghtfhdrohhrghdpmhhnohhtrdhnvghtnecukfhppe dujeefrdefkedruddujedrkeegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm pehmrghilhhfrhhomheprghlihhsshgrsegtohhophgvrhifrdhinh
X-ME-Proxy: <xmx:eVtaXzCvJxhoz9XEo-aa5P5k3EiNL3zfUiDlw8CQ3BzAztAoiOEDEg> <xmx:eVtaX5cjblWI9gB_Jvstrncyi0bFSYvHdZk-J5L_5yLTyxCJGzLAKg> <xmx:eVtaX6OVVlGwVMn6Jy8C7A0KF7SstHDfGma8ron8Klbg5q3AcEGLIg> <xmx:eVtaXzaUc91O-JJthrDBs13kBszGR2PGNtE2alV3q_smtdtYdY1y5Q>
Received: from rtp-alcoop-nitro2.cisco.com (unknown [173.38.117.84]) by mail.messagingengine.com (Postfix) with ESMTPA id F059E3064683; Thu, 10 Sep 2020 12:59:36 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CALaySJ+NL4u6SmuXXding9y6E6OYVj_7=Pnr=St=6f5vn_4SiQ@mail.gmail.com>
Date: Thu, 10 Sep 2020 12:59:36 -0400
Cc: Mark Nottingham <mnot@mnot.net>, httpapi@ietf.org, IESG <iesg@ietf.org>, httpapi-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <515FE00E-9542-46F3-8666-9D4ADC7B4C65@cooperw.in>
References: <159966323879.8094.15005725001447785927@ietfa.amsl.com> <EFA2643E-6A3D-48A9-A02F-C02C0E3E0B97@mnot.net> <752C5863-F10A-44A4-8459-CBF7529C14CC@cooperw.in> <CALaySJ+NL4u6SmuXXding9y6E6OYVj_7=Pnr=St=6f5vn_4SiQ@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/FczXPNBRmpNYC_mVounb94VWm6M>
Subject: Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 16:59:41 -0000

> On Sep 10, 2020, at 12:31 PM, Barry Leiba <barryleiba@computer.org> wrote:
> 
> The -00-01 version of the proposed charter includes Mark's latest
> edits.  Alissa, will you check it and let us know what you think?

It does not address the points below about reviewing the productivity of the group after 6-9 months or about “specific use cases.” Otherwis it looks fine to me.

Thanks,
Alissa

> 
> Thanks,
> Barry
> 
> On Thu, Sep 10, 2020 at 8:44 AM Alissa Cooper <alissa@cooperw.in> wrote:
>> 
>> Hi Mark,
>> 
>>> On Sep 9, 2020, at 9:15 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>> 
>>> Hi Alissa (et al),
>>> 
>>> Apologies, I missed many of the previous charter comments (there was some confusion about list creation -- it seems not many people were told), so I'll respond to some previous ones here.
>>> 
>>> (For folks who have just joined the list: this is the IESG's discussion of whether to adopt the WG charter; see <https://datatracker.ietf.org/doc/charter-ietf-httpapi/ballot/> and feel free to chime in).
>>> 
>>>> On 10 Sep 2020, at 12:53 am, Alissa Cooper via Datatracker <noreply@ietf.org> wrote:
>>>> 
>>>> I agree with Martin.
>>> 
>>> Martin's comment was:
>>> 
>>>> from the charter I have no idea what portion of this large problem space constitutes the short-term objectives of this group.
>>> 
>>> As discussed in DISPATCH, this is purposefully not proposed with immediate milestones. To date, we've done some API-related work in the HTTP WG (e.g., Signatures), and in many ways this proposal is simply splitting that work out into a separate group to make it more accessible to its target community.
>>> 
>>> So, to Murray and Roman's comments, yes this is intended to be a standing group -- *if* it is healthy. I would consider it on probation for at least 6-9 months, to see if it's able to have good interaction with the rest of the API community and be productive; if not, as I've said many times I'll be the one most loudly calling for it to be shut down.
>> 
>> I would say we put that in the charter then, so everyone agrees to revisit on the same time frame.
>> 
>>> 
>>> There are a number of potential drafts out there that the group could adopt, but I'd rather see a CfAs happen in the group, rather than as part of the chartering process; that will help form the community and give it ownership over what's going on (and will give it some experience running the CfA process). I gave a talk about API standards and linked to the mailing list last night, and so far the mailing list has almost 20 new members -- many who AFAICT are new to the IETF and also actively practicing in this area.
>>> 
>>> So if the IESG insists, we can add a few initial drafts as milestones, but for the reasons above I have a fairly strong preference not to.
>>> 
>>>> In particular, I am wondering how the WG will define "specific use cases or applications" as referred to where the text says, "this WG will not take on work items for APIs for specific use cases or applications."
>>> 
>>> It says the WG will *not* do those things.
>> 
>> Right, my question is how do you know which things you won’t do?
>> 
>>> 
>>> That text is intended to prevent the WG from defining specific APIs. For example, if someone wants to create a HTTP API for DNS (to use a recent example), this group wouldn't be an appropriate place to do that.
>> 
>> I think for applications it’s clearer, but what is a “specific use case”? To use your example above, let’s say my use case is that I want to be able to digitally sign the contents of HTTP messages. Since that is apparently in scope for the WG, why does it not count as a “specific use case”? I’m not arguing with the limitation, I’m just hoping to have the charter be more expressive in describing the boundary.
>> 
>>> 
>>>> I agree with Magnus that it is unclear whether the third bullet encompasses work that the WG will do or not.
>>> 
>>> The intent there was that the group could talk about proposals for new status codes, but would need to defer their actual standardisation to the HTTP WG (since in HTTP status codes, like methods, are generic and not supposed to be specific to any application or even type of application).
>> 
>> Ok. It shouldn’t be in a bulleted list of what the WG’s outputs will be, but maybe can be described in its own paragraph.
>> 
>> Alissa
>> 
>>> 
>>> I'm open to figuring out another way to do this -- and maybe the charter doesn't need to be so specific (or maybe it needs to be more?). But I think it's generally safer for restricted items like status codes and methods to go through the HTTP WG; we've been burned before on this (e.g., see WEBDAV).
>>> 
>>>> The first sentence is clunky. I would suggest "In addition to its use for web browsing, HTTP is often used for machine-to-machine communication, facilitated by HTTP APIs."
>>> 
>>> Fine by me.
>>> 
>>> Some other responses --
>>> 
>>> Erik K said 'I still think the working group name might be shortened by removing "ttp".'
>>> 
>>> I don't think that would be wise; not only would it remove the reinforcement of the term 'HTTP API' (terminology has been a problem for a while in this area), but it would also conflict with Eran Hammer Lahev's HAPI framework for building HTTP services. I also find that the IETF's penchant for cute names can be confusing and off-putting to outsiders.
>>> 
>>> Éric asks 'Should there also be a link with the CoRE WG?'
>>> 
>>> Definitely not. CORE is not HTTP, and requiring coordination there would be burdensome to both communities. If the IESG is going to insist on coordination between HTTP and CORE, we have a *much* bigger discussion at our feet.
>>> 
>>> Ben wonders about TLS mutual authentication. I suspect that TLS extensions are out of scope for this community, but gauging interest in / requirements for doing it from HTTP APIs here could be useful.
>>> 
>>> Roman asks 'As written, does all HTTP for web browser go to HTTPbis; and machine-to-machine comes here?'
>>> 
>>> That's a rough yardstick;  I expect there to be fairly close communication and coordination between the groups about potential work. This isn't that unusual in the IETF; e.g., I've seen work items go from SECDISPATCH to DISPATCH and then to the HTTP WG, with a fair amount of back-channel coordination between the relevant WG chairs and ADs.
>>> 
>>> I'd also observe that from discussions I've had, this split makes sense to HTTP folks; it might not from a greater distance, but I do think it'll work.
>>> 
>>> Cheers,
>>> 
>>> --
>>> Mark Nottingham   https://www.mnot.net/
>>> 
>>

v2.23.0 | Report a Bug | By Email