
Re: URI serialization issues

From: Kendall Clark <kendall@monkeyfist.com>
Date: Tue, 17 Jan 2006 16:16:24 -0500
Message-Id: <20B958E6-F1D1-4E3A-9C35-EEC08D02D57B@monkeyfist.com>
Cc: public-rdf-dawg-comments@w3.org
To: Mark Baker <distobj@acm.org>


On Jan 17, 2006, at 11:34 AM, Mark Baker wrote:

>
> In the HTTP binding part of the protocol[1], the advice as to whether
> or not a URI serialization for the query is suitable is given as;
>
> "The GET binding should be used except in cases where the URL-encoded
> query exceeds practicable limits, in which case the POST binding
> should be used."
>
> Due to the considerations in the "security" section about possible
> denial-of-service attacks, combined with the assumed "do no harm"
> (safety) aspect of GET, I think it's quite reasonable for a service
> provider not to expose potentially expensive queries via URI+GET.
>
> I still like the idea of a SHOULD-level requirement for using URIs
> though, so perhaps something like this could be said;
>
> "The GET binding SHOULD be used except in the following cases, in
> which case the POST binding SHOULD be used;
>
>   o where the URL-encoded query exceeds practicable length limits
>   o where the cost of processing the query may be prohibitive (see
> Section 3.1, "Security")"

Actually, Mark, I just realized that the editor's draft already has  
language to this effect:

<p>The <code>queryHttpGet</code> binding <strong>should</strong> be  
used except in cases where the URL-encoded query exceeds practicable  
limits, in which case the <code>queryHttpPost</code> binding  
<strong>should</strong> be used.</p>

Is that sufficient? (Now that I've thought about things a bit more,  
the 2nd point seems much more ambiguous and complex.)

Cheers,
Kendall
--
You're part of the human race
All of the stars and the outer space
Part of the system again
Received on Tuesday, 17 January 2006 21:16:31 GMT
