W3C home > Mailing lists > Public > public-rdf-dawg@w3.org > January to March 2006

Re: URI serialization issues

From: Pat Hayes <phayes@ihmc.us>
Date: Tue, 17 Jan 2006 15:07:51 -0600
Message-Id: <p0623090ebff30cfbf077@[10.100.0.23]>
To: Kendall Clark <kendall@monkeyfist.com>
Cc: dawg mailing list <public-rdf-dawg@w3.org>

>On Jan 17, 2006, at 11:34 AM, Mark Baker wrote:
>
>>
>>In the HTTP binding part of the protocol[1], the advice as to whether
>>or not a URI serialization for the query is suitable is given as;
>>
>>"The GET binding should be used except in cases where the URL-encoded
>>query exceeds practicable limits, in which case the POST binding
>>should be used."
>>
>>Due to the considerations in the "security" section about possible
>>denial-of-service attacks, combined with the assumed "do no harm"
>>(safety) aspect of GET, I think it's quite reasonable for a service
>>provider not to expose potentially expensive queries via URI+GET.
>>
>>I still like the idea of a SHOULD-level requirement for using URIs
>>though, so perhaps something like this could be said;
>>
>>"The GET binding SHOULD be used except in the following cases, in
>>which case the POST binding SHOULD be used;
>>
>>   o where the URL-encoded query exceeds practicable length limits
>>   o where the cost of processing the query may be prohibitive (see
>>Section 3.1, "Security")"
>
>We just voted to publish a new LC protocol document. But I favor this patch,

+1

Pat



-- 
---------------------------------------------------------------------
IHMC		(850)434 8903 or (650)494 3973   home
40 South Alcaniz St.	(850)202 4416   office
Pensacola			(850)202 4440   fax
FL 32502			(850)291 0667    cell
phayesAT-SIGNihmc.us       http://www.ihmc.us/users/phayes
Received on Tuesday, 17 January 2006 21:07:59 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:25 GMT