RE: Issue 169: Propose http method in the operation interface to simplify http binding. from David Orchard on 2004-07-13 (www-ws-desc@w3.org from July 2004)

From: David Orchard <dorchard@bea.com>
Date: Mon, 12 Jul 2004 22:20:45 -0700
To: "Sanjiva Weerawarana" <sanjiva@watson.ibm.com>, <www-ws-desc@w3.org>
Message-ID: <32D5845A745BFB429CBDBADA57CD41AF08D6B7B1@ussjex01.amer.bea.com>

Sanjiva,

There is not a single GET that is unsafe that is a valid HTTP GET.  The definition of GET is such that the operation is safe.  There may be other operations that are safe though, maybe HEAD...  However, given that we are only supporting GET/PUT/POST/DELETE in our HTTP binding, then the only safe operation we have is GET.  

Further, a "GET" in the abstract may be bound to HTTP POST, thus it is safe.  However, if we say that we support GET=safe, then we can take care of that in a binding that uses POST for a GET request.  

That's why safe is at the operation level.  And why GET is just as, if not more appropriate, at the operation level.

Cheers,
Dave



> -----Original Message-----
> From: www-ws-desc-request@w3.org [mailto:www-ws-desc-request@w3.org]On
> Behalf Of Sanjiva Weerawarana
> Sent: Monday, July 12, 2004 9:05 PM
> To: www-ws-desc@w3.org
> Subject: Re: Issue 169: Propose http method in the operation interface
> to simplify http binding.
> 
> 
> 
> (You guys all waited till I went to sleep to reply .. hence 
> the barriage of
> replies at once :-().
> 
> <paul.downey@bt.com> writes:
> >
> > same as SOAP "getStockQuote" with an endpoint of
> > mailto:sanjiva@opensource.lk <mailto:sanjiva@opensource.lk> 
>  - i.e. it
> doesn't
> > make much sense.
> 
> Not at all! If SOAP/SMTP binding is in use it makes perfect sense to
> say "send a SOAP message to that email address." However, there's no
> GETting or POSTing going on there.
> 
> > Not all interfaces can be bound to any arbitary 
> transport/serialisation
> > combination.
> 
> We've tried hard to keep it protocol independent as possible. Are you
> also saying that HTTP is so special that we need to break the rule for
> HTTP?
> 
> > I still beleive it /could/ be useful to say safe=false for 
> those of us
> daft enough
> > to allow buying a book using "GET".
> 
> I am prolly missing something basic .. but why is that daft? 
> There are many
> HTTP queries (using GET) which are indeed unsafe. That's why we are
> careful to not say that GET ==> @safe=true. (Nor vice-versa 
> as you pointed
> out correctly .. @safe=true doesn't necessarily mean method=GET.)
> 
> In any case, @safe is asserted at the interface operation 
> level and hence
> one does not know the HTTP method (or in fact whether the binding will
> be HTTP) at that time.
> 
> Sanjiva.
> 
>

Received on Tuesday, 13 July 2004 01:21:26 UTC