W3C home > Mailing lists > Public > www-tag@w3.org > March 2007

State, when to use GET, and accountability

From: <noah_mendelsohn@us.ibm.com>
Date: Thu, 1 Mar 2007 14:53:59 -0500
To: "David Orchard" <dorchard@bea.com>
Cc: www-tag@w3.org
Message-ID: <OF627002BC.17CB6CD7-ON85257291.006C8F6D-85257291.006D5379@lotus.com>

Dave:  I know you're collecting ideas for the finding on State in Web 
application design.  One aspect of this that I understand is coming up 
increasingly is the legal need in many contexts for certain enterprises to 
reliably record every access that is made to certain data.  In such cases, 
an obligation of a sort is implicit in every access, and presuming HTTP 
GET in particular is inappropriate.  I think this is a real world issue 
for many users of Web technology.  I'm thinking it might be the basis of 
an interesting use case, though I'm somewhat on the fence as to whether it 
fits better in the whenToUseGET space.  The fact that there are side 
effects of the access seems to be whenToUseGet, but I imagine that in many 
cases it will be important to record not just that an access has occurred, 
but also information about the higher level interaction (session?) in 
which the access occurs.  That might bring a tie in to the state finding.

Noah

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Received on Thursday, 1 March 2007 19:54:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:51 UTC