
URI serialization issues

From: Mark Baker <distobj@acm.org>
Date: Tue, 17 Jan 2006 11:34:45 -0500
Message-ID: <c70bc85d0601170834w26e3e7f5wda95586880e7100d@mail.gmail.com>
To: public-rdf-dawg-comments@w3.org

In the HTTP binding part of the protocol[1], the advice as to whether
or not a URI serialization for the query is suitable is given as:

"The GET binding should be used except in cases where the URL-encoded
query exceeds practicable limits, in which case the POST binding
should be used."

Due to the considerations in the "security" section about possible
denial-of-service attacks, combined with the assumed "do no harm"
(safety) aspect of GET, I think it's quite reasonable for a service
provider not to expose potentially expensive queries via URI+GET.

I still like the idea of a SHOULD-level requirement for using URIs
though, so perhaps something like this could be said:

"The GET binding SHOULD be used except in the following cases, in
which case the POST binding SHOULD be used:

  o where the URL-encoded query exceeds practicable length limits
  o where the cost of processing the query may be prohibitive (see
Section 3.1, "Security")"

P.S. the subsections of section 3 are numbered in the TOC, but not in
the document.

Cheers,

 [1] http://www.w3.org/TR/rdf-sparql-protocol/#query-bindings-http

Mark.
--
Mark Baker.  Ottawa, Ontario, CANADA.       http://www.markbaker.ca
Coactus; Web-inspired integration strategies  http://www.coactus.com
Received on Tuesday, 17 January 2006 16:34:50 GMT
