[Draft TAG Finding] URIs, Addressability, and the use of HTTP GET and POST from Ian B. Jacobs on 2003-05-10 (www-tag@w3.org from May 2003)

From: Ian B. Jacobs <ij@w3.org>
Date: 09 May 2003 22:35:12 -0400
To: www-tag@w3.org
Message-Id: <1052534112.13759.589.camel@seabright>

Hello,

In June 2002, the TAG approved a version of the finding
"URIs, Addressability, and the use of HTTP GET" [1],
which addresses the issue whenToUseGet-7 [2].

A new draft of this finding is available, with
clarifications based on reader comments. The title has
been modified to reflect the finding's more balanced
presentation of the topic: "URIs, Addressability, and the 
use of HTTP GET and POST" [3].

Some of the changes in this draft include:

 - A more balanced presentation of when to use GET and POST,
   explaining appropriate usage, and practical considerations.

 - Addition of scenarios.

 - Addition of information on the protection of sensitive
   information.

 - Two ephemeral limitations added: re-execution
   of GET request upon back; revealing referer field
   when moving from secure transaction to insecure.

 - Updated section about the current status of GET
   in SOAP 1.0 [Review especially welcome on this section!]

The TAG invites comments on this draft finding on www-tag. 
More information on TAG findings is available at [4].

Thank you,

 _ Ian

[1] http://www.w3.org/2001/tag/doc/get7.html
[2] http://www.w3.org/2001/tag/ilist#whenToUseGet-7
[3] http://www.w3.org/2001/tag/doc/whenToUseGet.html
[4] http://www.w3.org/2001/tag/findings

--------
Abstract

An important principle of Web architecture is that all important
resources be identifiable by URI. The finding discusses the relationship
between the URI addressability of a resource and the choice between HTTP
GET and POST methods. HTTP GET promotes URI addressibility so, designers
should adopt it for safe operations such as simple queries. POST is
appropriate for other types of applications where a user request has the
potential to change the state of the resource (or of related resources).
The finding explains how to choose between GET and POST for an
application taking into account architectural, security, and practical
considerations.


-- 
Ian Jacobs (ij@w3.org)   http://www.w3.org/People/Jacobs
Tel:                     +1 718 260-9447

Received on Friday, 9 May 2003 22:35:19 UTC