Re: [httpapi] Discussion of adopting Content-Warning header
André Cedik <andre.cedik@googlemail.com> Thu, 28 January 2021 08:22 UTC
Return-Path: <andre.cedik@googlemail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0390C3A145E for <httpapi@ietfa.amsl.com>; Thu, 28 Jan 2021 00:22:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u180LfoBXcdI for <httpapi@ietfa.amsl.com>; Thu, 28 Jan 2021 00:21:57 -0800 (PST)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744AE3A1411 for <httpapi@ietf.org>; Thu, 28 Jan 2021 00:21:55 -0800 (PST)
Received: by mail-wm1-x336.google.com with SMTP id i9so3853108wmq.1 for <httpapi@ietf.org>; Thu, 28 Jan 2021 00:21:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=boaeTK0jlz5lgViGB4/K1PXQ/Bm4NatSevy2KaVsekw=; b=ghYuv4zN6t4ZjFhaLV80xQmG1iVFHIIGzF8odZcEUdiNms4BjnvPhfqSWVpMHiFcc+ x2WY0oHYjuFb8hI3o4lEvB68OJSou7+2lCJRBKgCi25aFqtQB2AXpFsfgIuqszEHt4wq K9gynQfkLzsEjZ9R1oRplhNeclY5rdgabUkijHxVXmSvW15sRGHZRpHa9NHSx9NSlxyY XOf5AG4uZat5QM9EJ1pQbw9BRm3CfC+fiJi5XIajRxwJAG9u8iOjexmDzw8eiygzQcKi TlCnhuyY/TGkTdjdio8MOpMqBvTqt2oLUvEFr6d6tTttHgxAu996bizDCZRCWD5IsXGG 9HZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=boaeTK0jlz5lgViGB4/K1PXQ/Bm4NatSevy2KaVsekw=; b=Je0cGPNl8yNe8L1iSOWSWgLxLJcQfsDhJQVLxqKZNyZ7PkdA/GDuyGHLLOFy5lknFN SohyFQyca+i6WaM8q9WfYCYbjBvw+O/9E3v67j9MMLsae3Kd4XpH0bpqtwN3cb7numty MgcnUOCxUuEdvfWz6UPQK4LkgmVqnyAKp3jW+fR+F+ksOwmb8ohRP+cfful1bB2i+mFI HpSAManSWd0S4VdOyJzjJmpN1tb7nOcXpSxCklF7dXLVt1BS2DnJK01TIMziCy1//lZw QAjbqLS+BLtPEyzre5jo6iC5DasrDdAhxsFMAsQbLrKmssg8l1HZPWknKzAqbgjymNyO 6/tg==
X-Gm-Message-State: AOAM5318gKjAoCBzK1tAmASgFcS2bjYgDOK99kwf5fKZoz/ZpqzZzKdC 62vdX+HAIZ8cIeo7CrcfESCOFaKnnVhZz7voLrtQVeELBDKLaw==
X-Google-Smtp-Source: ABdhPJzPRS2HfH7KvZQ1QK56jHCMBj2edgkMnnRm+MApndXQmBavxZp265c3BelcefkXfA7ceWpPYnJFny0WSxsmKnE=
X-Received: by 2002:a1c:4303:: with SMTP id q3mr7568724wma.3.1611822113465; Thu, 28 Jan 2021 00:21:53 -0800 (PST)
MIME-Version: 1.0
References: <88ED49DB-E081-4C97-9FB9-080A1C585435@akamai.com> <C6EF74FA-4987-48EB-8F7B-74EB54C295CD@mnot.net>
In-Reply-To: <C6EF74FA-4987-48EB-8F7B-74EB54C295CD@mnot.net>
From: André Cedik <andre.cedik@googlemail.com>
Date: Thu, 28 Jan 2021 09:21:42 +0100
Message-ID: <CAEQcYZhF4X9c+4zknGvCQgW4mgcemMTG66dhH6S7=9bVDjmeYQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "httpapi@ietf.org" <httpapi@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000083a81205b9f1947c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/_OlnfdDM_ZMVUaw-RqO6f7EMyqQ>
Subject: Re: [httpapi] Discussion of adopting Content-Warning header
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2021 08:22:06 -0000
Thank you for the reply Mark. Let me take a step back and explain where I'm coming from. Maybe this can clear up things. For those who don't know shipcloud.io we're a so-called shipping service provider. So just like e.g. Stripe who's connecting you to payment providers, we're aggregating the (web) services of shipping providers (carriers) like UPS, FedEx, etc. into a single API and are making them available via a SaaS business model. Since every carrier is handling things "a little bit" differently it's not always so easy to communicate certain things back to our (API) users. Especially when it comes to what I would call "outcomes of internal automation/knowledge". One of those examples would be the automatic correction of addresses. To create a shipping label at a carrier, we of course have to send them the recipients' and senders' addresses. Based on their services' knowledge of address data, they may change an address to something that they know is (more) correct. This is done on their side and when the return gets back to us, we are also getting the information that they've changed something while processing our request. So now we basically receive a set of data that doesn't match the original request. To be able to convey to (API) users that something has changed and they should have a look at it before just accepting the fact, is my main goal because they will be charged for the shipping label that has been created nonetheless. What I would like to achieve is something that Erik already was able to do by introducing application/problem+json with RFC 7808, creating a standard people can use without having to reinvent the wheel. This would make API adoption easier because consumers of an API wouldn't have to figure out how warnings are transported for a specific API. The challenge with warnings from my point of view is the fact that the original request was successful - in our case, a shipping label has been created - but there were "side effects" that may need to be addressed. If it would only boil down to this I'd say "let's create a content-type application/warnings+json" or something similar. But I would make the assumption that there are use cases where warnings and errors can both happen with one request. Maybe because something happened at an intermediary and the destination server which is processing the request is throwing e.g. a server error. This is one of the reasons why we opted to make it a header field. The other being that there might be other use cases where an "embedded-warning" doesn't make sense. This is why the concept of a registry was introduced to create other warning types. I'm sure there are other use cases similar or exactly like ours since the feedback we received so far has been positive towards creating a standard for warning information. Just let me know if I was able to clear things up a bit, or if you need more information. On Thu, Jan 28, 2021 at 7:39 AM Mark Nottingham <mnot@mnot.net> wrote: > Hi, > > I've re-read this draft. > > I don't understand what the use case is -- specifically, what benefit > exposing this information in a header field brings. > > The JSON format described can already be used, and is identified with a > distinct media type; that should be enough to indicate to a recipient that > the content of the message is a problem. > > Are there cases where it's expected that generic HTTP software (e.g., an > intermediary) separate from the application in question is going to need to > know this information? That's the usual reason for standardising a header > field (the other being that the format doesn't accommodate that information > in question, but that doesn't seem to be the case here). > > Cheers, > > > > On 11 Dec 2020, at 3:07 am, Salz, Rich <rsalz= > 40akamai.com@dmarc.ietf.org> wrote: > > > > At our meeting at IETF 109, we discussed > > > https://tools.ietf.org/html/draft-cedik-http-warning-02 > > > > Let’s discuss this (we didn’t have enough time at the virtual). Feel > free to use this thread or start new ones. > > -- > > httpapi mailing list > > httpapi@ietf.org > > https://www.ietf.org/mailman/listinfo/httpapi > > -- > Mark Nottingham https://www.mnot.net/ > > -- > httpapi mailing list > httpapi@ietf.org > https://www.ietf.org/mailman/listinfo/httpapi >
- [httpapi] Discussion of adopting Content-Warning … Salz, Rich
- Re: [httpapi] Discussion of adopting Content-Warn… Erik Wilde
- Re: [httpapi] Discussion of adopting Content-Warn… Darrel Miller
- Re: [httpapi] Discussion of adopting Content-Warn… Roberto Polli
- Re: [httpapi] Discussion of adopting Content-Warn… André Cedik
- Re: [httpapi] Discussion of adopting Content-Warn… Mark Nottingham
- Re: [httpapi] Discussion of adopting Content-Warn… André Cedik
- Re: [httpapi] Discussion of adopting Content-Warn… Mark Nottingham
- Re: [httpapi] Discussion of adopting Content-Warn… Roberto Polli
- Re: [httpapi] Discussion of adopting Content-Warn… Asbjørn Ulsberg