Re: Quota Enforcement and the communication of violations of policy using HttpStatusCode's. from Robert Collins on 2008-07-29 (ietf-http-wg@w3.org from July to September 2008)

From: Robert Collins <robertc@robertcollins.net>
Date: Tue, 29 Jul 2008 21:32:33 +0000
To: Jeff Currier <Jeff.Currier@microsoft.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <1217366252.21600.251.camel@lifeless-64>

On Tue, 2008-07-29 at 13:39 -0700, Jeff Currier wrote:
> 
> I think a new status code would likely be the best move.  We’re
> attempting to enforce quota’s around bandwidth, storage used, and some
> other application specific constraints.  Moreover, I think the notion
> of quota’s as they apply to new services seems like a something many
> new services would use.  

400 is not a good fit as it claims a malformed request. 403 however
seems ideal - the description of 403 is very clear that authorization
will not help and that the request was correctly formed and
understandable but that the server is choosing not to honour it.

For instance
HTTP/1.1 403 Bandwidth quota exceeded
HTTP/1.1 403 Disk quota exceeded
etc

-Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Received on Wednesday, 30 July 2008 11:48:18 UTC