Re: httpRange-14 Change Proposal


On 25 Mar 2012, at 19:39, Noah Mendelsohn wrote:
> (commenting now as a technical contributor to the TAG)
> On 3/25/2012 5:47 AM, Jeni Tennison wrote:
>> a 200 response to a probe URI no longer by itself implies that the probe
>> URI identifies an information resource or that the response is a
>> representation of the resource identified by the probe URI; instead,
>> this can only be inferred if the probe URI is the object of a
>> ‘describedby’ relationship or the target of a 303 redirection.
> I'm not taking a position pro or con on the overall proposal, but the part about "target of a 303" seems wrong to me. The rest of the proposal, good or bad, follows the tradition that those who host resources are responsible for the information conveyed in the HTTP responses generated.
> In the case where your site does a 303 redirect to my URI, you seem to be committing that >my< resources is an information resource. How can I know who's out there doing 303's to my resources, and how can you take responsibility for characterizing my resource that way?

I'm trying to think of why anyone would do this without having entered into some agreement with you that you would provide documentation about their URIs.

I'm also trying to imagine how this is different from the fact that anyone can say any old rubbish about any of your URIs and you can't stop them. All consumers have to have some method of weeding out the rubbish.

But anyway, I suppose if you were concerned about this you could add a condition that said that you could only tell the target was an IR if as well as returning a 2XX response, the representation from the target of the documentation link actually includes statements about the probe URI.

> Indeed, even if I'm doing the redirects to my own resource, is there anything in today's specifications to mandate that the target of a 303 is an information resource?

It's not implied from it being the target of the link, but of course if it returns a 2XX then it must be.

> I assume it's the most common case, but my reading of 303 is that it's intentionally pretty vague. I read it as: "you might find something useful over here -- feel free to do a GET and see what happens". In fact, I'm not sure it's even clear that 303 targets need to be http resources at all. Is it provably wrong, e.g., to do a 303 redirect to a mailto URI?

As Jonathan has written it, a 303 response or a Link: header with a describedby relationship indicates that nominal representations from the target of the link are nominal URI documentation carriers for the probe URI. That's a bit stronger than "you might find something useful over there".

As far as I can see, there's no general requirement for the HTTP Location: header to point to an HTTP URI.

Jeni Tennison

Received on Sunday, 25 March 2012 19:30:07 UTC