Re: HTTP Status Codes for QueryRequestRefused from Seaborne, Andy on 2006-01-11 (public-rdf-dawg@w3.org from January to March 2006)

From: Seaborne, Andy <andy.seaborne@hp.com>
Date: Wed, 11 Jan 2006 17:52:30 +0000
To: Kendall Clark <kendall@monkeyfist.com>
CC: RDF Data Access Working Group <public-rdf-dawg@w3.org>
Message-ID: <43C545DE.1000802@hp.com>

Kendall Clark wrote:
> 
> On Jan 11, 2006, at 10:39 AM, Seaborne, Andy wrote:
> 
> 
>>The one I have difficulty is how a security problem (403) is not a  
>>refusal by the service.
> 
> 
> Overloading overloading overloading overloading.
> 
> Our WSDL serializes *no* fault with 403.

Yes

> Thus, any 403 returned is  
> NOT a WSDL fault.

 From the SPARQL protocol document, yes.  It seems at odds with the open set 
but let's stick with that for the moment.

> It *cannot* be a WSDL fault. QueryRequestRefused  
> *is* a WSDL fault. Thus 403 cannot be a refusal by the service.

That is odd because:

A/ HTTP 1.1 RFC 2616 says:

"""
403 Forbidden

The server understood the request, but is refusing to fulfill it.
"""

which uses the term "refuse".
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4

B/ The client can not communicate in the usual HTTP manner the reason for a 
'refusal' (this is why I suggested "should", in the RFC 2119 sense).

If you have a specific definition of "refuse", then please put that definition 
in the document.

> 
> Yr systematically confusing situations where natural language  
> speakers might use the English verb "to refuse"  with situations where
> QueryRequestRefused is being returned as a WSDL fault.

This text makes the connection to my reading:
"""
QueryRequestRefused

This fault message must be returned when a client submits a request that the 
service _refuses_ to process.
"""
because it uses "refuse" in the English definition, there being no other 
definition of the work in scope (and HTTP 1.1 uses it in the common protocol 
sense anyway).

"refuse" / OED:
1/ state that one is unwilling to do something
2/ state that one is unwilling to give or accept (something offered or requested)

That seems appropriate use of the word "refuse".

[The following text in the definition of the fault does not modify the first 
statement.]

> This is at  
> least the third time I've explained this, Andy, and yet you accuse me  
> in private email of "avoiding concrete examples". -sigh-

You said you believed that using the word "should" would change the design.

Please give an example.

	Andy

> HTTP 403 *cannot* be a WSDL-refusal by the WSDL service *per  
> definitionem* because the *only* way to refuse *in the WSDFL fault  
> sense* is to return 500. If a service returns 403, it hasn't refused  
> in the sense of QueryRequestRefused or of WSDL, which is the only  
> sense that matters.
> 
> Can you or someone else use the English verb "to refuse" to describe  
> what it has done? Of course, but that doesn't make it a WSDL fault.
> 
> Cheers,
> Kendall

Received on Wednesday, 11 January 2006 17:52:39 UTC