IETF Logo Mail Archive

Re: [httpapi] Discussion of adopting Content-Warning header

André Cedik <andre.cedik@googlemail.com> Thu, 28 January 2021 08:22 UTC

Return-Path: <andre.cedik@googlemail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0390C3A145E for <httpapi@ietfa.amsl.com>; Thu, 28 Jan 2021 00:22:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u180LfoBXcdI for <httpapi@ietfa.amsl.com>; Thu, 28 Jan 2021 00:21:57 -0800 (PST)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744AE3A1411 for <httpapi@ietf.org>; Thu, 28 Jan 2021 00:21:55 -0800 (PST)
Received: by mail-wm1-x336.google.com with SMTP id i9so3853108wmq.1 for <httpapi@ietf.org>; Thu, 28 Jan 2021 00:21:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=boaeTK0jlz5lgViGB4/K1PXQ/Bm4NatSevy2KaVsekw=; b=ghYuv4zN6t4ZjFhaLV80xQmG1iVFHIIGzF8odZcEUdiNms4BjnvPhfqSWVpMHiFcc+ x2WY0oHYjuFb8hI3o4lEvB68OJSou7+2lCJRBKgCi25aFqtQB2AXpFsfgIuqszEHt4wq K9gynQfkLzsEjZ9R1oRplhNeclY5rdgabUkijHxVXmSvW15sRGHZRpHa9NHSx9NSlxyY XOf5AG4uZat5QM9EJ1pQbw9BRm3CfC+fiJi5XIajRxwJAG9u8iOjexmDzw8eiygzQcKi TlCnhuyY/TGkTdjdio8MOpMqBvTqt2oLUvEFr6d6tTttHgxAu996bizDCZRCWD5IsXGG 9HZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=boaeTK0jlz5lgViGB4/K1PXQ/Bm4NatSevy2KaVsekw=; b=Je0cGPNl8yNe8L1iSOWSWgLxLJcQfsDhJQVLxqKZNyZ7PkdA/GDuyGHLLOFy5lknFN SohyFQyca+i6WaM8q9WfYCYbjBvw+O/9E3v67j9MMLsae3Kd4XpH0bpqtwN3cb7numty MgcnUOCxUuEdvfWz6UPQK4LkgmVqnyAKp3jW+fR+F+ksOwmb8ohRP+cfful1bB2i+mFI HpSAManSWd0S4VdOyJzjJmpN1tb7nOcXpSxCklF7dXLVt1BS2DnJK01TIMziCy1//lZw QAjbqLS+BLtPEyzre5jo6iC5DasrDdAhxsFMAsQbLrKmssg8l1HZPWknKzAqbgjymNyO 6/tg==
X-Gm-Message-State: AOAM5318gKjAoCBzK1tAmASgFcS2bjYgDOK99kwf5fKZoz/ZpqzZzKdC 62vdX+HAIZ8cIeo7CrcfESCOFaKnnVhZz7voLrtQVeELBDKLaw==
X-Google-Smtp-Source: ABdhPJzPRS2HfH7KvZQ1QK56jHCMBj2edgkMnnRm+MApndXQmBavxZp265c3BelcefkXfA7ceWpPYnJFny0WSxsmKnE=
X-Received: by 2002:a1c:4303:: with SMTP id q3mr7568724wma.3.1611822113465; Thu, 28 Jan 2021 00:21:53 -0800 (PST)
MIME-Version: 1.0
References: <88ED49DB-E081-4C97-9FB9-080A1C585435@akamai.com> <C6EF74FA-4987-48EB-8F7B-74EB54C295CD@mnot.net>
In-Reply-To: <C6EF74FA-4987-48EB-8F7B-74EB54C295CD@mnot.net>
From: André Cedik <andre.cedik@googlemail.com>
Date: Thu, 28 Jan 2021 09:21:42 +0100
Message-ID: <CAEQcYZhF4X9c+4zknGvCQgW4mgcemMTG66dhH6S7=9bVDjmeYQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "httpapi@ietf.org" <httpapi@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000083a81205b9f1947c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/_OlnfdDM_ZMVUaw-RqO6f7EMyqQ>
Subject: Re: [httpapi] Discussion of adopting Content-Warning header
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2021 08:22:06 -0000

Thank you for the reply Mark.
Let me take a step back and explain where I'm coming from. Maybe this can
clear up things.

For those who don't know shipcloud.io we're a so-called shipping service
provider. So just like e.g. Stripe who's connecting you to payment
providers, we're aggregating the (web) services of shipping providers
(carriers) like UPS, FedEx, etc. into a single API and are making them
available via a SaaS business model.

Since every carrier is handling things "a little bit" differently it's not
always so easy to communicate certain things back to our (API) users.
Especially when it comes to what I would call "outcomes of internal
automation/knowledge". One of those examples would be the automatic
correction of addresses. To create a shipping label at a carrier, we of
course have to send them the recipients' and senders' addresses. Based on
their services' knowledge of address data, they may change an address to
something that they know is (more) correct. This is done on their side and
when the return gets back to us, we are also getting the information that
they've changed something while processing our request. So now we basically
receive a set of data that doesn't match the original request.

To be able to convey to (API) users that something has changed and they
should have a look at it before just accepting the fact,  is my main goal
because they will be charged for the shipping label that has been created
nonetheless.

What I would like to achieve is something that Erik already was able to do
by introducing application/problem+json with RFC 7808, creating a standard
people can use without having to reinvent the wheel. This would make API
adoption easier because consumers of an API wouldn't have to figure out how
warnings are transported for a specific API.

The challenge with warnings from my point of view is the fact that the
original request was successful - in our case, a shipping label has been
created - but there were "side effects" that may need to be addressed. If
it would only boil down to this I'd say "let's create a
content-type application/warnings+json" or something similar. But I would
make the assumption that there are use cases where warnings and errors can
both happen with one request. Maybe because something happened at an
intermediary and the destination server which is processing the request is
throwing e.g. a server error. This is one of the reasons why we opted to
make it a header field. The other being that there might be other use cases
where an "embedded-warning" doesn't make sense. This is why the concept of
a registry was introduced to create other warning types.

I'm sure there are other use cases similar or exactly like ours since the
feedback we received so far has been positive towards creating a standard
for warning information.

Just let me know if I was able to clear things up a bit, or if you need
more information.

On Thu, Jan 28, 2021 at 7:39 AM Mark Nottingham <mnot@mnot.net> wrote:

> Hi,
>
> I've re-read this draft.
>
> I don't understand what the use case is -- specifically, what benefit
> exposing this information in a header field brings.
>
> The JSON format described can already be used, and is identified with a
> distinct media type; that should be enough to indicate to a recipient that
> the content of the message is a problem.
>
> Are there cases where it's expected that generic HTTP software (e.g., an
> intermediary) separate from the application in question is going to need to
> know this information? That's the usual reason for standardising a header
> field (the other being that the format doesn't accommodate that information
> in question, but that doesn't seem to be the case here).
>
> Cheers,
>
>
> > On 11 Dec 2020, at 3:07 am, Salz, Rich <rsalz=
> 40akamai.com@dmarc.ietf.org> wrote:
> >
> > At our meeting at IETF 109, we discussed
> >
> https://tools.ietf.org/html/draft-cedik-http-warning-02
> >
> > Let’s discuss this (we didn’t have enough time at the virtual). Feel
> free to use this thread or start new ones.
> > --
> > httpapi mailing list
> > httpapi@ietf.org
> > https://www.ietf.org/mailman/listinfo/httpapi
>
> --
> Mark Nottingham   https://www.mnot.net/
>
> --
> httpapi mailing list
> httpapi@ietf.org
> https://www.ietf.org/mailman/listinfo/httpapi
>

v2.23.0 | Report a Bug | By Email