IETF Logo Mail Archive

[weirds] REST-pect-ful

Olaf Kolkman <olaf@nlnetlabs.nl> Wed, 11 July 2012 20:11 UTC

Return-Path: <olaf@nlnetlabs.nl>
X-Original-To: weirds@ietfa.amsl.com
Delivered-To: weirds@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C264721F852B for <weirds@ietfa.amsl.com>; Wed, 11 Jul 2012 13:11:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6zGHMFlVkWpD for <weirds@ietfa.amsl.com>; Wed, 11 Jul 2012 13:11:43 -0700 (PDT)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id B141E21F852C for <weirds@ietf.org>; Wed, 11 Jul 2012 13:11:41 -0700 (PDT)
Received: from [192.168.178.34] (peer.kolkman.org [82.95.132.144]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.5/8.14.4) with ESMTP id q6BKBUaG017664 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <weirds@ietf.org>; Wed, 11 Jul 2012 22:12:08 +0200 (CEST) (envelope-from olaf@nlnetlabs.nl)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1342037529; bh=K4hTvqTQpmNzYme26ddX6OOAzNwklru3mtJbUdEr+es=; h=From:Subject:Date:To; b=hZGD9TWuzltZMY4uliOn9f9AE8YETXDD8MonKcsb72Ve85HseqQfZSa0OvfsvB3pM XL9rS4C8cyvR5663ms8G81SnyqHrKGb/Y3RsgcjV5fNxmgyhPSHVf1SesTtEKo2vuX ekNpOC4rb6dJlYvidZODj5ceImDdkKaCaAZdpaBY=
From: Olaf Kolkman <olaf@nlnetlabs.nl>
Content-Type: multipart/signed; boundary="Apple-Mail=_7BC73EFB-6EE5-45B4-B1CD-6BFE8F6CF091"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Date: Wed, 11 Jul 2012 22:11:47 +0200
Message-Id: <1CF8D124-F26C-4F7F-8A05-12C3C2B9BAC3@NLnetLabs.nl>
To: Web Extensible Internet Registration Data Service Working Group <weirds@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (open.nlnetlabs.nl [213.154.224.1]); Wed, 11 Jul 2012 22:12:08 +0200 (CEST)
Subject: [weirds] REST-pect-ful
X-BeenThere: weirds@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "WHOIS-based Extensible Internet Registration Data Service \(WEIRDS\)" <weirds.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/weirds>, <mailto:weirds-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/weirds>
List-Post: <mailto:weirds@ietf.org>
List-Help: <mailto:weirds-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/weirds>, <mailto:weirds-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 20:11:43 -0000

(Also see mail with subject: "Setting the WEIRDS IETF 84 agenda")

Colleagues,

I believe that sorting out how to do service differentiation during an early stage of protocol development is useful.

What I can see is that at some point there is a resource, an object with several elements, for which a local policy of a data provider is that some of its clients are required to have access to that information while others are required to not gain access. A typical example being Contact information whereby a telephone number needs to be made available to law-enforcement, while in general that sort of information is considered privacy sensitive and is not to be shipped to the general public. Note this is an example of a local policy that is not unlikely.

The premise is that we want the protocol to support these sort of policy choices (Who sets the policy is not within scope of the working group).

The other premise is that we "use standard features of HTTP to support differential service levels to different classes of user." [Charter]

The question is what approach do we take, in general, in order to respect the RESTful approach and still differentiate.

It seems that draft-kong-dnrd-ap-response-json section 3.3 uses a mechanism that we can base a straw-man on: 

The resource that is returned as for a query for a contact returns a general identifier with elements that contain URIs for the address, phone number and other person information. If you want to resolve those elements in more detail you will have to do a new query. That query might be refused based on authentication.

I wonder if this approach makes sense, and whether there are better alternatives being considered.

Anther method I thought of is serve up all elements but fill in 'REFUSED', or another magic string or code that indicates the client is not allowed to see those elements. But that doesn't seem very RESTful and I dismissed it.

Questions to the group.

Is the approach as described above (and worked out in Kong et al.'s Internet Draft) an approach we can consent on? Are there alternatives? Are there issues with this approach that need further thought.

Since the answer to this question sets direction

--Olaf














The output of this discussion could end up in draft-designteam-weirds-using-http



_______________________________________________________ 
Olaf Kolkman -- NLnet Labs
http://www.nlnetlabs.nl/

v2.23.0 | Report a Bug | By Email