- From: Mark Baker <distobj@acm.org>
- Date: Tue, 17 Jan 2006 11:34:45 -0500
- To: public-rdf-dawg-comments@w3.org
In the HTTP binding part of the protocol[1], the advice as to whether or not a URI serialization for the query is suitable is given as; "The GET binding should be used except in cases where the URL-encoded query exceeds practicable limits, in which case the POST binding should be used." Due to the considerations in the "security" section about possible denial-of-service attacks, combined with the assumed "do no harm" (safety) aspect of GET, I think it's quite reasonable for a service provider not to expose potentially expensive queries via URI+GET. I still like the idea of a SHOULD-level requirement for using URIs though, so perhaps something like this could be said; "The GET binding SHOULD be used except in the following cases, in which case the POST binding SHOULD be used; o where the URL-encoded query exceeds practicable length limits o where the cost of processing the query may be prohibitive (see Section 3.1, "Security")" P.S. the subsections of section 3 are numbered in the TOC, but not in the document. Cheers, [1] http://www.w3.org/TR/rdf-sparql-protocol/#query-bindings-http Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Tuesday, 17 January 2006 16:34:50 UTC