Issue 27 (PUT Idempotency) from Julian Reschke on 2007-11-03 (ietf-http-wg@w3.org from October to December 2007)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 03 Nov 2007 13:29:11 +0100
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <472C6997.8000701@gmx.de>

Hi,

a recent discussion over at the HTML WG's mailing list (starting with 
<http://lists.w3.org/Archives/Public/public-html/2007Oct/0337.html>) 
reminded me about our issue 27 
(<http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i27>):

--
i27  	PUT idempotency  	RFC2616 - design - active

Description

     It *appears* that RFC3253 changes the idempotency of PUT; is this 
allowed? RFC3253 doesn't update or obsolete 2616...

     I can see a situation where a 3253-naive client decides to retry a 
timed-out PUT (after all, it's idempotent) and gets some side effects it 
didn't bargain for.
--

I saw Roy talking about this issue over at rest-discuss 
(<http://tech.groups.yahoo.com/group/rest-discuss/message/7387>):

"Just ignore the definition of idempotent in RFC 2616. Anything
specified in HTTP that defines how the server shall implement the
semantics of an interface method is wrong, by definition. What
matters is the effect on the interface as expected by the client,
not what actually happens on the server to implement that effect."

...which I understand that it's totally ok for a server to create new 
version resources when PUT is applied to a resource.

Now the HTML WG discussed the new A/@ping attribute 
(<http://dev.w3.org/cvsweb/~checkout~/html5/spec/Overview.html?rev=1.311&content-type=text/html;%20charset=iso-8859-1#hyperlink0>), 
which causes the UA to issue a *POST* request to the ping target when 
you follow a link.

The argument to make it POST instead of GET seems to be based on the 
fact that performing the link auditing causes a side-effect, and thus 
must use a non-idempotent method.

I would argue that this is a misinterpretation of HTTP/1.1, because

1) The user is not requesting the side effect (well, unless the UA's UI 
clearly indicates that this is not a "regular" link), and

2) The side effect itself affects a link tracking resource which in 
general will not even be exposed by the server.

Feedback appreciated,

Julian

Received on Saturday, 3 November 2007 12:29:33 UTC