W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2020

Re: How to express no matching results in HTTP SEARH method?

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 5 Nov 2020 12:46:01 -0800
Cc: Ben Schwartz <bemasc@google.com>, Stephane Bortzmeyer <bortzmeyer@nic.fr>, Sawood Alam <ibnesayeed@gmail.com>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg <ietf-http-wg@w3.org>
Message-Id: <272262AB-8566-413F-87BB-863EC60CAF0B@gbiv.com>
To: Mike Bishop <mbishop@evequefou.be>
> On Nov 5, 2020, at 11:37 AM, Mike Bishop <mbishop@evequefou.be> wrote:
> 
> Roy, you seem to be disagreeing, but then presenting a detailed argument for
> the same position you're disagreeing with.  If the search was successfully
> performed on a resource, and the result of the search is an empty set,
> that's a successful operation (2XX).  If the search could not be performed
> for some reason, that's an error (4XX, 5XX).

That wasn't what I was responding to. The example given was a response
that was not a successful search: "SERVFAIL or NXDOMAIN" having a status
of 2xx. That's wrong.

> I'm confused.  Can you clarify why you don't believe that aligns with "if a
> search is successfully performed, then HTTP has succeeded"?

The general statement of "when a search is successfully performed we
would expect a 2xx response" is true to the extent that what the
application is actually doing is searching for something wherein
"none found" is a successful response, like most queries that
respond with a list of resources that match.

But SEARCH (the method) isn't limited to searching for something
according to some criteria. Maybe it should be. Maybe not. I don't
think it matters, so long as the protocol is self-descriptive and
doesn't respond success when the request actually failed by its
own semantics.

> (I disagree with you slightly about "find some among many," because the
> resource to be searched could be present but empty.  I think the
> differentiator is whether the targeted resource exists, regardless of what
> it contains.)

This isn't a helpful way to think. What we want from status codes
at the HTTP level is an indication of what recipients can do to
"fix this" even when they are not aware of the specific application
being processed over HTTP. A success doesn't need to be fixed.

For example, BigCo pays X megabucks to ensure that all valid queries
are processed within 50ms, including severe penalties when they don't.
The X has megaservers to respond to megaclients, but still doesn't
control probability and can't afford to buy a separate set of
megaservers for every specific application. So, it sprays all
SEARCH requests to N recipient servers in parallel and forwards
the first successful response. X cannot do that if it has to look
inside the body of a response to make an application-specific decision
about whether that response contains a successful SEARCH response.
Likewise, it might have an auditing requirement to store invalid
queries for some period of time, which it could do in 1 place
if the response indicates validity or in N places if it does not.

The easy thing for application developers to do is to always
send a 200 and make excuses within the content. If that was
generally considered to be an okay thing for one use of HTTP,
it would soon be for all uses of HTTP, and a whole bunch of
things that allow HTTP traffic to scale start failing.

....Roy
Received on Thursday, 5 November 2020 20:46:22 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 5 November 2020 20:46:23 UTC