Re: rec33 proposal

On Tue, 11 Oct 2005, Mark Baker wrote:

>> As the redirect handling is done at the SOAP level, everything is OK.
>
> I don't think so.
>
> The reason given, "since this might change the conditions under which
> the request was issued" still holds, whether SOAP's being used or not.
>
> And don't get me started on the notion of a "SOAP level/layer"! 8-O

Well, yes (and no ;) ).

> Keep in mind that all agents are "user agents", in that they act on
> behalf of some human, somewhere.  Whether that relationship is up-close

Are you sure that they act on behalf of humans? always? In the case of 
automatic selection of a Web Service to accomplish one task, it's more 
difficult to go back to the human originator of the request.

I agree that redirecting unsafe HTTP methods requires confirmation, 
<sublimnal>use GET when you can!</subliminal> and that the confirmation 
can't happen directly at the SOAP binding level.
However, if you have a description of a service that explicitely says "you 
might get redirected to this set of URIs, and it is OK", then, as you 
already trusted the service definition to craft your SOAP message, you can 
also assume that automatic redirection is at the same safeness level.

So let's amend the proposal for the 301/302/307 redirections:

Status Code:
301,302,307

Reason phrase:
"Redirect"

Significance/Action:

The requested resource has moved.
In the case of unsafe HTTP method, like POST or PUT, explicit confirmation 
is required before proceeding as follow.
In the case of a safe method, like GET, or if the redirection has been 
approved, the HTTP request SHOULD be retried using the URI carried in the 
associated Location header field as the new value for the 
http://www.w3.org/2003/05/soap/mep/ImmediateDestination property.

NextState:
"Init" or "Fail"

Thanks,

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."

Received on Monday, 24 October 2005 11:56:52 UTC