- From: Pat Hayes <phayes@ihmc.us>
- Date: Tue, 17 Jan 2006 15:07:51 -0600
- To: Kendall Clark <kendall@monkeyfist.com>
- Cc: dawg mailing list <public-rdf-dawg@w3.org>
>On Jan 17, 2006, at 11:34 AM, Mark Baker wrote: > >> >>In the HTTP binding part of the protocol[1], the advice as to whether >>or not a URI serialization for the query is suitable is given as; >> >>"The GET binding should be used except in cases where the URL-encoded >>query exceeds practicable limits, in which case the POST binding >>should be used." >> >>Due to the considerations in the "security" section about possible >>denial-of-service attacks, combined with the assumed "do no harm" >>(safety) aspect of GET, I think it's quite reasonable for a service >>provider not to expose potentially expensive queries via URI+GET. >> >>I still like the idea of a SHOULD-level requirement for using URIs >>though, so perhaps something like this could be said; >> >>"The GET binding SHOULD be used except in the following cases, in >>which case the POST binding SHOULD be used; >> >> o where the URL-encoded query exceeds practicable length limits >> o where the cost of processing the query may be prohibitive (see >>Section 3.1, "Security")" > >We just voted to publish a new LC protocol document. But I favor this patch, +1 Pat -- --------------------------------------------------------------------- IHMC (850)434 8903 or (650)494 3973 home 40 South Alcaniz St. (850)202 4416 office Pensacola (850)202 4440 fax FL 32502 (850)291 0667 cell phayesAT-SIGNihmc.us http://www.ihmc.us/users/phayes
Received on Tuesday, 17 January 2006 21:07:59 UTC