Re: Comments on draft-ietf-httpbis-p2-semantics-07 from Henrik Nordstrom on 2009-07-22 (ietf-http-wg@w3.org from July to September 2009)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 22 Jul 2009 11:08:03 +0200
To: Hugh Winkler <hughw@wellstorm.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1248253683.29819.67.camel@localhost.localdomain>
tis 2009-07-21 klockan 19:11 -0500 skrev Hugh Winkler:
> Thanks Mark. Let me rephrase my request. HTTP WG, please fix
> asynchronous POST. It is broken in the way I described. I once saw 202
> in an ebXML (or was it Rosettanet) environment; I've never seen
> another one used in anger. We encounter asynchronous HTTP POST all the
> time in web browsers. Not one of them uses 202.

202 is entirely fine to be used, and technically makes a lot sense in
asynchronous POST processing. The 202 response is entirely fine to
contain whatever human readable HTML application (i.e. processing status
monitor display etc) which then makes other accesses to the same or
other URIs for getting status updates if you like. If there is browsers
not displaying the 202 response then fix that issue.

What is missing from the 202 is some way for the server to indicate to
non-human agents where the resource will be created once the operation
finishes (if successful) or any estimate of when that will get done.

One thing we can do at the HTTP protocol level and which has already
been proposed is to add processing notification via a 1xx message, which
would tell the client that processing is currently under way and keep
the response channel alive until processing have finished. This allows
for long-running synchronous processing which often is the desired
action in cases one needs a status indication/monitor. May even include
%, time estimates etc if you like, but can not include any presentation
specification. Actual presentation of such processing notifications is
then left to the browser profile specifications/implementations, all
specs can do in this case is to RECOMMEND that the information is
displayed to the user somehow in interactive applications.

Another thing that can be done is to extend 202 to optionally include
the Location where the resource eventually will be available after
processing have competed combined with Retry-After telling when the
processing is expected to be finished, and even ETag if you like, which
would help non-humans to make sense of the 202 somewhat.

Another option in HTTP terms is to return 201 (maybe with Retry-After)
but respond with 503 + Retry-After in requests to the URI until
processing have actually finished. The 503 responses MAY include human
oriented status updates including a status monitor application.

The part about GET to the created URI returning 503 + Retry-After is
actually equally valid for both 201/202 cases above.

> The WG ought to do something so that all kinds of user agents - web
> browsers as  well as B2B XML systems --  can do asynchronous POST
> using a uniform interface.

Care to explain again what the issue with 202 is in this context?

>  A server ought not care what kind of client
> has POSTed to it, web browser or B2B agent software; in either case
> the protocol  interaction ought to be the same.

Agreed, but the desire of web masters to add custom interfaces to
everything instead of demanding web browser vendors to display HTTP
actions in a sensible way often works against this, making authors of
human intended applications completely ignore protocol semantics like
the difference in 200/201/202/303 in a case like this, just returning
whatever they happened to like for the day (i.e. 303 if they want to
display a human oriented processing indicator, causing issues for
non-humans trying to use the same)

>   The origin server MUST create the resource before returning the 201
> status code.
>    If the action cannot be carried out immediately, the server SHOULD
>    respond with 202 (Accepted) response instead.
> 
> So the spec says you SHOULD return 202 if you must create a resource
> asynchronously. Can't we permit redirects too? SHOULD is pretty strong
> language.

That SHOULD is intended to be read in context of the previous sentence.
But I agree it's confusingly written and should go away, possibly
replaced by a note along the lines

        "If the action cannot be carried out immediately, the server
        should respond with another suitable response such as 202
        (Accepted) instead".

> The spec has never said anything about what to do in case you receive
> a 202 in response to a GET.

Pretty much the same as when you get a 200. The enclosed entity is
intended to be displayed to the (human) user, just as a 200 response is,
with the difference in status code mainly intended for non-humans.

>  Please just tell us what it means to get
> 202 in response to GET. Is it illegal?

It's not illegal, just very odd as GET isn't supposed to have any
significant effects beyond information retrieval so it doesn't make much
sense (in HTTP terms) that a GET operation can be executed outside of
the GET operation itself.. But as HTTP does not forbid GET from having
significant sideeffects it's theoretically possible that returning 202
makes sense to some application...

Regards
Henrik
Received on Wednesday, 22 July 2009 09:08:41 UTC