IETF Logo Mail Archive

Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)

Mark Nottingham <mnot@mnot.net> Thu, 10 September 2020 01:15 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D7B43A09E9; Wed, 9 Sep 2020 18:15:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=fiJSO5iK; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Jg6dVzCy
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njDzSpNREUot; Wed, 9 Sep 2020 18:15:48 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0741D3A09E8; Wed, 9 Sep 2020 18:15:48 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 579CEC02; Wed, 9 Sep 2020 21:15:47 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 09 Sep 2020 21:15:47 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm3; bh=D 7K/+Nw3AZbnqP3HYOa649vxDAZHDxw25cNmBxB+NTk=; b=fiJSO5iK0a9TJbf/w b4AoMFkL6RDEEDKZ/VQ5paWAAqiy6s4McnziTligJkKlqYaOOzml82/GJQekss1K fiYTT+IiEjE1fJWUptRbAbRqhwf8dZlBaXllONdWCEUCQ+rXM3jpwNvHAoa8geZq 4QCz6pcDcQu8z241sdXtlPef6N9fhH1JyXghWSu+8AGaBgCE0XFecR9aLp23HCmr m/fLLQIXKJg/eoqjGh7PQ6OzyKvM7YPk8e4vJYNzX+rGBcHJEP/gCeqFW0yR+Xf7 BqBUx3WjBzMosdNs/DP8q2yo3nwd+P2GSDcKNUyDYTqTlefzaw8RPqKrKTb345n9 HFKKA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=D7K/+Nw3AZbnqP3HYOa649vxDAZHDxw25cNmBxB+N Tk=; b=Jg6dVzCytupeiRVMp82Fi1DuioRR6ribq4U2MEA0G7m6GKU/RiG00Xna8 kHAGAtSTEuQA7eKwFbYo1Tc7rnp8sdTc7Ir67xJ56gsH+lLkAZ1N/ba+kGdoHJ7F oQs/V5G0ga445zRtrUJkc744Yd1kzE8j2COdabyqbzBG4Wd0fBI25dc1tmAi85Y3 uFZYfLocYQC5mncaXPGq/R9dnmwwlZInL2PvQpOIEaA1bktlxdnK0aMaNKCdQ7xb jQY4ZR8G4aDft3gEkek+mWSIgtuxzVuXCdQe0UTwX2uC+VFG+3G2NOiBMopFdVth +0P+nV9mfvv7jKW+0O5jvf1bkycgg==
X-ME-Sender: <xms:Qn5ZX6yisL-iQ3R_ipPTzjrvzykNf1iz1kK26NSDsWtbYWyfBahgMg> <xme:Qn5ZX2Tn4bYaiDAqq7ZXfsBPXliGKa4sIhxyFuM9TjdvoDuQaDUdB9UIrsGlimu85 yZp9Iqm9D-3QPz-3w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudehiedggeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtjeenucfhrhhomhepofgrrhhk ucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrdhnvghtqeenucggtffrrghtth gvrhhnpeefgedvgfejgedvteeuudekveefhfehleeiveejjeekhfffheekjeeikeejtdeh jeenucffohhmrghinhepihgvthhfrdhorhhgpdhmnhhothdrnhgvthenucfkphepuddule drudejrdduheekrddvhedunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:Qn5ZX8W1o9NcaVJi3kgmOK5Gq1VeoLHGf7cKZxoj6YmS62tOkSbs_A> <xmx:Qn5ZXwjPgt5r-qG4MFt9xYub6YvewBhqHHLpSKQ5a0DOykH9dSSk0w> <xmx:Qn5ZX8AaV0t4y6yU0c1iflMBlTdcwfVXTWLii8eN8euBNi6UBug6vg> <xmx:Qn5ZX_9JIDmWiCagE2wWjtPSy4plCWhH9U-osNHDaNiON6pmJdv-Ug>
Received: from [192.168.7.30] (119-17-158-251.77119e.mel.static.aussiebb.net [119.17.158.251]) by mail.messagingengine.com (Postfix) with ESMTPA id A1FA03280060; Wed, 9 Sep 2020 21:15:44 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <159966323879.8094.15005725001447785927@ietfa.amsl.com>
Date: Thu, 10 Sep 2020 11:15:42 +1000
Cc: The IESG <iesg@ietf.org>, httpapi@ietf.org, httpapi-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <EFA2643E-6A3D-48A9-A02F-C02C0E3E0B97@mnot.net>
References: <159966323879.8094.15005725001447785927@ietfa.amsl.com>
To: Alissa Cooper <alissa@cooperw.in>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/KcoChgmc6IVw3V36e38PmxBn7lQ>
Subject: Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 01:15:52 -0000

Hi Alissa (et al),

Apologies, I missed many of the previous charter comments (there was some confusion about list creation -- it seems not many people were told), so I'll respond to some previous ones here.

(For folks who have just joined the list: this is the IESG's discussion of whether to adopt the WG charter; see <https://datatracker.ietf.org/doc/charter-ietf-httpapi/ballot/> and feel free to chime in).

> On 10 Sep 2020, at 12:53 am, Alissa Cooper via Datatracker <noreply@ietf.org> wrote:
> 
> I agree with Martin.

Martin's comment was:

> from the charter I have no idea what portion of this large problem space constitutes the short-term objectives of this group.

As discussed in DISPATCH, this is purposefully not proposed with immediate milestones. To date, we've done some API-related work in the HTTP WG (e.g., Signatures), and in many ways this proposal is simply splitting that work out into a separate group to make it more accessible to its target community.

So, to Murray and Roman's comments, yes this is intended to be a standing group -- *if* it is healthy. I would consider it on probation for at least 6-9 months, to see if it's able to have good interaction with the rest of the API community and be productive; if not, as I've said many times I'll be the one most loudly calling for it to be shut down.

There are a number of potential drafts out there that the group could adopt, but I'd rather see a CfAs happen in the group, rather than as part of the chartering process; that will help form the community and give it ownership over what's going on (and will give it some experience running the CfA process). I gave a talk about API standards and linked to the mailing list last night, and so far the mailing list has almost 20 new members -- many who AFAICT are new to the IETF and also actively practicing in this area.

So if the IESG insists, we can add a few initial drafts as milestones, but for the reasons above I have a fairly strong preference not to.

> In particular, I am wondering how the WG will define "specific use cases or applications" as referred to where the text says, "this WG will not take on work items for APIs for specific use cases or applications."

It says the WG will *not* do those things.

That text is intended to prevent the WG from defining specific APIs. For example, if someone wants to create a HTTP API for DNS (to use a recent example), this group wouldn't be an appropriate place to do that.

> I agree with Magnus that it is unclear whether the third bullet encompasses work that the WG will do or not.

The intent there was that the group could talk about proposals for new status codes, but would need to defer their actual standardisation to the HTTP WG (since in HTTP status codes, like methods, are generic and not supposed to be specific to any application or even type of application).

I'm open to figuring out another way to do this -- and maybe the charter doesn't need to be so specific (or maybe it needs to be more?). But I think it's generally safer for restricted items like status codes and methods to go through the HTTP WG; we've been burned before on this (e.g., see WEBDAV).

> The first sentence is clunky. I would suggest "In addition to its use for web browsing, HTTP is often used for machine-to-machine communication, facilitated by HTTP APIs."

Fine by me.

Some other responses --

Erik K said 'I still think the working group name might be shortened by removing "ttp".'

I don't think that would be wise; not only would it remove the reinforcement of the term 'HTTP API' (terminology has been a problem for a while in this area), but it would also conflict with Eran Hammer Lahev's HAPI framework for building HTTP services. I also find that the IETF's penchant for cute names can be confusing and off-putting to outsiders.

Éric asks 'Should there also be a link with the CoRE WG?' 

Definitely not. CORE is not HTTP, and requiring coordination there would be burdensome to both communities. If the IESG is going to insist on coordination between HTTP and CORE, we have a *much* bigger discussion at our feet.

Ben wonders about TLS mutual authentication. I suspect that TLS extensions are out of scope for this community, but gauging interest in / requirements for doing it from HTTP APIs here could be useful. 

Roman asks 'As written, does all HTTP for web browser go to HTTPbis; and machine-to-machine comes here?'

That's a rough yardstick;  I expect there to be fairly close communication and coordination between the groups about potential work. This isn't that unusual in the IETF; e.g., I've seen work items go from SECDISPATCH to DISPATCH and then to the HTTP WG, with a fair amount of back-channel coordination between the relevant WG chairs and ADs.

I'd also observe that from discussions I've had, this split makes sense to HTTP folks; it might not from a greater distance, but I do think it'll work.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email