IETF Logo Mail Archive

Re: New Version Notification for draft-divilly-status-555-00.txt

Colm Divilly <colm.divilly@oracle.com> Wed, 25 March 2020 13:12 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8019F3A0779 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 25 Mar 2020 06:12:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.215
X-Spam-Level:
X-Spam-Status: No, score=-4.215 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-1.463, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N_d4x62vxaTK for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 25 Mar 2020 06:12:23 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 808D63A0921 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 25 Mar 2020 06:12:23 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1jH5mO-0005O0-5J for ietf-http-wg-dist@listhub.w3.org; Wed, 25 Mar 2020 13:09:08 +0000
Resent-Date: Wed, 25 Mar 2020 13:09:08 +0000
Resent-Message-Id: <E1jH5mO-0005O0-5J@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <colm.divilly@oracle.com>) id 1jH5mM-0005NE-SO for ietf-http-wg@listhub.w3.org; Wed, 25 Mar 2020 13:09:06 +0000
Received: from userp2120.oracle.com ([156.151.31.85]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <colm.divilly@oracle.com>) id 1jH5mK-0004t2-65 for ietf-http-wg@w3.org; Wed, 25 Mar 2020 13:09:06 +0000
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 02PCsYGC079032; Wed, 25 Mar 2020 13:07:54 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=j/On2gpL9UwXB+CM3MXYg6QqBFnQ9UqoyOk8oHB8ExE=; b=FOj2iN76bUL9b6mWt93yc3oF0KybKepUl/X/6a2gg2FWU9tixsNsZKF7Us+eohjRLfc5 wsxwa0to7oSFlA/Dn1Bw7hfec80bbnFdT1T6tlg4MlfsocKJmSqS6h50I0DqwMc8TVOn gLQbgSxIP9QaWhkdVPV+uqQV8XhRdXbDpkGrsRxnGXdFXW76AXI9CBsK7JCwWt93MPki 7UtojLzyRWykRLmTsuKzjY0s/iYs3WM3SMusSxS1dKEZ9n6zmSCWarXFJd9uaVwHz7TV KOoSL1nCfFaocO0teeUfTQc3saov0CM9Kc5cadM53jIBOXQM8uc8Jc6gs6FWM1TWR4+C jQ==
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2120.oracle.com with ESMTP id 3005kv8jeq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Mar 2020 13:07:54 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 02PD7p1q053742; Wed, 25 Mar 2020 13:07:54 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserp3030.oracle.com with ESMTP id 3006r6ken9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Mar 2020 13:07:53 +0000
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 02PD7pqP017028; Wed, 25 Mar 2020 13:07:53 GMT
Received: from [10.74.118.156] (/10.74.118.156) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 25 Mar 2020 06:07:51 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Colm Divilly <colm.divilly@oracle.com>
In-Reply-To: <ef1a8bed-24b4-35f3-2d8a-e9a0be14c895@treenet.co.nz>
Date: Wed, 25 Mar 2020 13:07:47 +0000
Cc: ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E3A8A1E-9A30-4D1C-885F-F1023EA0BD67@oracle.com>
References: <84C127AC-BA21-4CD8-9F79-8920ADE5BA4C@ORACLE.COM> <ef1a8bed-24b4-35f3-2d8a-e9a0be14c895@treenet.co.nz>
To: Amos Jeffries <squid3@treenet.co.nz>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9570 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 adultscore=0 suspectscore=0 phishscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2003250110
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9570 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 bulkscore=0 phishscore=0 suspectscore=0 impostorscore=0 spamscore=0 adultscore=0 priorityscore=1501 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2003250108
Received-SPF: pass client-ip=156.151.31.85; envelope-from=colm.divilly@oracle.com; helo=userp2120.oracle.com
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_NW=1
X-W3C-Scan-Sig: titan.w3.org 1jH5mK-0004t2-65 bba75034678081f82afa1c2577b777c6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-divilly-status-555-00.txt
Archived-At: <https://www.w3.org/mid/4E3A8A1E-9A30-4D1C-885F-F1023EA0BD67@oracle.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37480
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for your feedback, see my comments below:

> On 25 Mar 2020, at 12:42, Amos Jeffries <squid3@treenet.co.nz> wrote:
> 
> On 25/03/20 12:02 pm, Colm Divilly wrote:
>> Hi All,
>>  for a product I help develop: Oracle REST Data Services (ORDS) [1], we
>> provide a hosted environment where third party users can dynamically at
>> runtime define their own REST APIs using SQL. Naturally there will be
>> coding and runtime errors in these REST APIs.
> 
> 
>> This creates a challenge
>> for users and operators. When such a resource raises an error the only
>> appropriate HTTP status code to use is 500 Internal Server Error. This
>> causes confusion as it looks like there is something wrong with ORDS,
>> where in fact there is only something wrong with the user supplied SQL.
> 
> 
> I see no guidance details about when this status is expected to be used,
> and the description given is lacking some important details:
> 
> 
> * Is this status used to reply to requests containing bad SQL?
No, this is not the model. At some earlier point user defines a REST endpoint powered by some program that they define (in our case SQL statements)
At a later point same/different user accesses the REST endpoint, the endpoint fails because of an error in the program.
> 
> If yes, then use of any 5xx is incorrect. The broken thing being part
> of the client message means it should be a 4xx status of some type.
> 
> 
> If no;
> 
> * Is the origin pre-configured with some SQL it failed to validate /
> wrongly accepted, which is now breaking responses?
> 
> If yes, then 500 is indeed correct status. The "Internal Error" just
> happens to have been created by the SQL acceptance.
> 

Yes, understood, that is the current state of the art. The problem is that this 500 Internal Server is too vague. It confuses the user making them think there is a problem with the server engine, rather than the specific user defined resource They cannot distinguish that the problem lies with the particular REST endpoint. It confuses automatic monitoring tools as they cannot distinguish between serious 500 Internal Server errors that require remediation and those of this kind where the fact that a given user created REST endpoint is error-ring is typically a benign state. It is expected that users will create endpoints that have error conditions. Those error conditions do not affect the overall availability of the server, just that particular user defined endpoint. They need to be clearly marked as such and the resource author provided with tools to review logs associated with the error condition to enable them to take action to address the error.

> Otherwise implies no SQL is known to the origin. So 404 would be
> appropriate. No such resource exists.
> 
> Or, ...
> 
> * Is the origin pre-configured with some SQL it has already accepted,
> but which does not produce a resource instance?
> 
> If yes, then the status should be 404 or 406. The origin is not broken,
> it simply does not have any representation that meets the request.
> 
> 
> 
> At the very least it would be good to describe what alternatives (other
> status, and other mechanisms) have been considered and why they are
> unworkable.
> 
We have done the following:

1. Added an additional proprietary header named Error-Reason, you can think of this as a sub-status code, that indicates the root cause of the internal server error lies in the user defined resource
2. Added explanatory text to the response document body for the 500 Internal Server Error status explaining that the root cause of the error is an error in the user defined resource

Problems with 1 are that it is not logged in things like access logs belonging to other intermediaries sitting in front of our product. Intermediary sees a 500 error in their access log, forms understanding that our software is broken, files support ticket, etc. 
Problems with 2 are that end users generally don't read the text carefully, they focus on the status code and the words 'Internal Server Error' and google that and form understanding that our software is broken, files support ticket etc.

> 
> PS. IIRC the number itself is supposed to be assigned by IANA *if* this
> document reaches acceptance. Not chosen by draft authors.
> 
Understood, we are not wedded to any particular status code number, we just chose one that was memorable and unallocated, it can change no problem.
> Amos
>

v2.23.0 | Report a Bug | By Email