IETF Logo Mail Archive

Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)

Alissa Cooper <alissa@cooperw.in> Thu, 10 September 2020 12:44 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E4933A0853; Thu, 10 Sep 2020 05:44:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=SHEcl6/g; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=KmssQFRi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IutA6KSgt3nR; Thu, 10 Sep 2020 05:44:05 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 131873A0991; Thu, 10 Sep 2020 05:43:43 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 0E8FB5C005D; Thu, 10 Sep 2020 08:43:42 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Thu, 10 Sep 2020 08:43:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=U rP5aRGLvmCEDFnJqSOwmC4NEDlkbH4rMmgkVhKryHY=; b=SHEcl6/gxKBwfhYSS YJGBCL4rqnY7R3AKmG2g7zJOdBYp5aNokuwAV3Voxt7CNSm3VfNwtNf7Q6BxzrZq dEDPZw/3cO5PVIIO0vCp3z9LMLKujbkNpPhNlJmsOS7PmRDxxJZ99Dk69vho3G38 Qi9u0Qu28uf3bs0cU+onGR/T/Bb2L58tiQ8/lwV3s725jr2kelRAFowopeM+DmYi s3md3Kzm7JFUb7Tcz9F1BViYGJrT0HELW5j5QfbF6Lrx/r7CTpeV8Oyc+V4KTDPf vzNN097wK/wItOrRoBV9ld7gzJLSFTOOMg+F2jYLAfSnqI5cAvdlA7gZKyLVvERN pp6ow==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=UrP5aRGLvmCEDFnJqSOwmC4NEDlkbH4rMmgkVhKry HY=; b=KmssQFRivRtkNJGG5/omq4IG+Phn2N9Dlax875FHvHjY2bX9nFS3XoPsh E4mn4VkQGX1TRp/2IjAUZNhFbYoV/E4bnOaUdfqwDU+h15TG9EDJp4KFudLPDqE4 8jzwae32oijbdKMd/FE0/JAKQXb1drBgveiZC/NjpFxqReL2FFqXmhe/w9TahhxI Zn7OFQTePjrwjfSH4oBwF8FsfBlFZvgHC7E9Nvjy1W6j7HogIMEQT5gg/q2C4N0N QYqu1B5FExM/XCylgZ/yuQd770fHvl+K5F+JgRmoHTQKJvpFS8A0ULCmt/U1M2xk zYaD+t/045UnrfMLxmlWp0U0e+WIA==
X-ME-Sender: <xms:fR9aXwltrBiAVw5xGQLReGn5F3EiYe3RfcUD05MV_YBcav6u-ZWzbw> <xme:fR9aX_2eogWw3MCVRMs2fJyAY6zAGcHvF7G96kxr55y8xygP42lHBSd4buThN99kp NK4VHXrSCrbZgVuCQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudehjedggeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtjeenucfhrhhomheptehlihhs shgrucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucggtffrrg htthgvrhhnpeelveekieeuleegvdfhtddvtedvkeffieetkeetffevhedtteevieefvdet leetkeenucffohhmrghinhepihgvthhfrdhorhhgpdhmnhhothdrnhgvthenucfkphepud ejfedrfeekrdduudejrdekgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpegrlhhishhsrgestghoohhpvghrfidrihhn
X-ME-Proxy: <xmx:fR9aX-pXsW8nalURUxgeq_JF_oL6KGBZvFljMcTSddngRG-Zgl5l9g> <xmx:fR9aX8kWGiBlrRS8A4V6jDRZIRbKJ0vGrwN4zuRw9iZHN9KkmY8OxA> <xmx:fR9aX-0NJKdQn_LsE7ypqxXcRejZ1eVcCmoWPhe9Kj0Z_Of9mboHFQ> <xmx:fh9aXz_S55TVONtp-9RCO-svxaHK59vNNUrVgaiM9zXBlRGecyp-0Q>
Received: from rtp-alcoop-nitro2.cisco.com (unknown [173.38.117.84]) by mail.messagingengine.com (Postfix) with ESMTPA id 96898328005E; Thu, 10 Sep 2020 08:43:41 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <EFA2643E-6A3D-48A9-A02F-C02C0E3E0B97@mnot.net>
Date: Thu, 10 Sep 2020 08:43:40 -0400
Cc: IESG <iesg@ietf.org>, httpapi@ietf.org, httpapi-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <752C5863-F10A-44A4-8459-CBF7529C14CC@cooperw.in>
References: <159966323879.8094.15005725001447785927@ietfa.amsl.com> <EFA2643E-6A3D-48A9-A02F-C02C0E3E0B97@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/wLBUqLMWFaQoSx1E8kvv6tjxYbg>
Subject: Re: [httpapi] Alissa Cooper's Block on charter-ietf-httpapi-00-00: (with BLOCK and COMMENT)
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 12:44:07 -0000

Hi Mark,

> On Sep 9, 2020, at 9:15 PM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> Hi Alissa (et al),
> 
> Apologies, I missed many of the previous charter comments (there was some confusion about list creation -- it seems not many people were told), so I'll respond to some previous ones here.
> 
> (For folks who have just joined the list: this is the IESG's discussion of whether to adopt the WG charter; see <https://datatracker.ietf.org/doc/charter-ietf-httpapi/ballot/> and feel free to chime in).
> 
>> On 10 Sep 2020, at 12:53 am, Alissa Cooper via Datatracker <noreply@ietf.org> wrote:
>> 
>> I agree with Martin.
> 
> Martin's comment was:
> 
>> from the charter I have no idea what portion of this large problem space constitutes the short-term objectives of this group.
> 
> As discussed in DISPATCH, this is purposefully not proposed with immediate milestones. To date, we've done some API-related work in the HTTP WG (e.g., Signatures), and in many ways this proposal is simply splitting that work out into a separate group to make it more accessible to its target community.
> 
> So, to Murray and Roman's comments, yes this is intended to be a standing group -- *if* it is healthy. I would consider it on probation for at least 6-9 months, to see if it's able to have good interaction with the rest of the API community and be productive; if not, as I've said many times I'll be the one most loudly calling for it to be shut down.

I would say we put that in the charter then, so everyone agrees to revisit on the same time frame.

> 
> There are a number of potential drafts out there that the group could adopt, but I'd rather see a CfAs happen in the group, rather than as part of the chartering process; that will help form the community and give it ownership over what's going on (and will give it some experience running the CfA process). I gave a talk about API standards and linked to the mailing list last night, and so far the mailing list has almost 20 new members -- many who AFAICT are new to the IETF and also actively practicing in this area.
> 
> So if the IESG insists, we can add a few initial drafts as milestones, but for the reasons above I have a fairly strong preference not to.
> 
>> In particular, I am wondering how the WG will define "specific use cases or applications" as referred to where the text says, "this WG will not take on work items for APIs for specific use cases or applications."
> 
> It says the WG will *not* do those things.

Right, my question is how do you know which things you won’t do? 

> 
> That text is intended to prevent the WG from defining specific APIs. For example, if someone wants to create a HTTP API for DNS (to use a recent example), this group wouldn't be an appropriate place to do that.

I think for applications it’s clearer, but what is a “specific use case”? To use your example above, let’s say my use case is that I want to be able to digitally sign the contents of HTTP messages. Since that is apparently in scope for the WG, why does it not count as a “specific use case”? I’m not arguing with the limitation, I’m just hoping to have the charter be more expressive in describing the boundary.

> 
>> I agree with Magnus that it is unclear whether the third bullet encompasses work that the WG will do or not.
> 
> The intent there was that the group could talk about proposals for new status codes, but would need to defer their actual standardisation to the HTTP WG (since in HTTP status codes, like methods, are generic and not supposed to be specific to any application or even type of application).

Ok. It shouldn’t be in a bulleted list of what the WG’s outputs will be, but maybe can be described in its own paragraph.

Alissa

> 
> I'm open to figuring out another way to do this -- and maybe the charter doesn't need to be so specific (or maybe it needs to be more?). But I think it's generally safer for restricted items like status codes and methods to go through the HTTP WG; we've been burned before on this (e.g., see WEBDAV).
> 
>> The first sentence is clunky. I would suggest "In addition to its use for web browsing, HTTP is often used for machine-to-machine communication, facilitated by HTTP APIs."
> 
> Fine by me.
> 
> Some other responses --
> 
> Erik K said 'I still think the working group name might be shortened by removing "ttp".'
> 
> I don't think that would be wise; not only would it remove the reinforcement of the term 'HTTP API' (terminology has been a problem for a while in this area), but it would also conflict with Eran Hammer Lahev's HAPI framework for building HTTP services. I also find that the IETF's penchant for cute names can be confusing and off-putting to outsiders.
> 
> Éric asks 'Should there also be a link with the CoRE WG?' 
> 
> Definitely not. CORE is not HTTP, and requiring coordination there would be burdensome to both communities. If the IESG is going to insist on coordination between HTTP and CORE, we have a *much* bigger discussion at our feet.
> 
> Ben wonders about TLS mutual authentication. I suspect that TLS extensions are out of scope for this community, but gauging interest in / requirements for doing it from HTTP APIs here could be useful. 
> 
> Roman asks 'As written, does all HTTP for web browser go to HTTPbis; and machine-to-machine comes here?'
> 
> That's a rough yardstick;  I expect there to be fairly close communication and coordination between the groups about potential work. This isn't that unusual in the IETF; e.g., I've seen work items go from SECDISPATCH to DISPATCH and then to the HTTP WG, with a fair amount of back-channel coordination between the relevant WG chairs and ADs.
> 
> I'd also observe that from discussions I've had, this split makes sense to HTTP folks; it might not from a greater distance, but I do think it'll work.
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
>

v2.23.0 | Report a Bug | By Email