Standards Entries
Wednesday, 15 May 2013
A common part of HTTP-based APIs is telling the client that something has gone wrong. Most APIs do this in some fashion, whether they call it a “Fault” (very SOAP-y), “Error” or whatever. Most of them define a new format for just this purpose; for examples, see Amazon’s, OpenStack’s, Twitter’s, Facebook’s, and SalesForce’s. Twitter's is fairly representative: {"errors":[{"message":"Sorry, that page does not exist","code":34}]} Here, they associate a human-readable message and an error code with the error. That’s a good start, but...
Saturday, 4 August 2012
The HTTPBIS Working Group is in a transitional phase; we’re rapidly finishing our revision of the HTTP/1.1 specification and just getting steam up on our next target, HTTP/2.0. So, we met in Vancouver this week as part of IETF84. Here’s a quick summary. HTTP/1.1 Five years ago, we held a Birds of a Feather meeting at IETF69, discussing whether we should attempt to revise RFC2616, the specification of HTTP/1.1. It’s turned out to be a massive job, but we’re close...
Saturday, 31 March 2012
We had two great meetings of the HTTPbis Working Group in Paris this week — one to start wrapping up our work on HTTP/1.1, and another to launch some exciting new work on HTTP/2.0. HTTP/1.1 The HTTP/1.1 specification (RFC2616) was standardised in the mid-to-late 90’s. At the time, there was a lot of pressure to produce something quickly, because the Web was getting popular, and swamping a lot of networks in the process. As a result, the spec is somewhat...
Wednesday, 24 August 2011
It used to be that when you registered a media type, a URI scheme, a HTTP header or another protocol element on the Internet, it was an opaque string that was a unique identifier, nothing more. Sure, there are some substructures (e.g., vnd. and prs. in media types) to aid in avoiding collisions, but they don’t actually do anything. And even so, they need to be used judiciously (e.g., the problems inherent in x-). However, it’s now becoming fashionable to...
Monday, 4 April 2011
Last week found lots of HTTP-ish folks in Prague for IETF 80. In short, the good bits: HTTPbis HTTPbis had a cracker of a meeting, with three RFC2616 authors and representatives of all five major browsers in the room. First and foremost, the Content-Disposition draft has been approved for publication as an RFC by the IESG. This is great news for interoperability, with growing browser support for the revised specification. With one critical issue scheduled for a fix in...
Tuesday, 1 March 2011
The IESG has received a request from the Hypertext Transfer Protocol Bis WG (httpbis) to consider the following document: 'Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)' <draft-ietf-httpbis-content-disp-06.txt> as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2011-03-14. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain...
Friday, 1 October 2010
I’m going to try to start blogging more updates (kick me if I don’t!) about what’s happening in the world of HTTP. HTTPbis The effort to revise the core HTTP specification (RFC 2616) is going nicely, albeit slowly. Given the nature of the work, slow is better than rushed. In late July, some of the HTTPbis WG editors met in (then) sunny Münster before IETF78 in Maastricht. The result of that were drafts -10 and -11, closing a number...
Friday, 23 July 2010
Since SPDY has surfaced, one of the oft-repeated topics has been its use of TLS; namely that the SPDY guys have said that they’ll require all traffic to go over it. Mike Belshe dives into all of the details in a new blog entry, but his summary is simple: “users want it.” I don’t think it’s that simple. Trust I trust my ISP, to a point; I have a business relationship with them, so I don’t worry too much...
Thursday, 6 May 2010
On a bit of a roll, RFC5861: HTTP Stale Controls has (finally) been published as an Informational RFC. As discussed before in “Two HTTP Caching Extensions,” these are very useful ways to hide latency and errors from your end users. While they’re most useful in HTTP gateway caches (a.k.a. reverse proxy caches / accelerators), very latency-sensitive sites might find them useful as well when working with “normal” proxy caches. Both are implemented in Squid 2.7. Not only does Squid...
Wednesday, 7 April 2010
One of the nagging theoretical problems in the Web architecture has been finding so-called “site-wide metadata”; i.e., finding something out about a Web site before you access it. We wrestled with this in P3P way back when, and the TAG took it up after that. The easy solution to this is to define a static “well-known” URL — like /robots.txt. However, having a third party come along and squat on part of every Web site’s URL namespace is less than...
Friday, 3 July 2009
The Stockholm IETF meeting is shaping up to be an interesting one (and not just because it’s in such a beautiful city). As announced on the mailing list, we are having a HTTPbis working group meeting. It looks like all of the editors will be there as well, so we’ll have a chance to get good feedback from the community, as well as move forward on the documents in between other meetings. Additionally, I’m helping to arrange a couple...
Thursday, 25 June 2009
A (very) long time ago, I wrote the Cacheability Engine to help people figure out how a Web cache would treat their sites. It has a few bugs, but is generally useful for that purpose. However, as I’ve got more involved in using HTTP for non-browser things, it’s become apparent that more than caching is important when you’re examining a resource to see how it behaves; things like partial content, syntax checking and other esoteric but important details. Very...
Tuesday, 14 April 2009
I had a lovely holiday weekend in Canberra with the family, without Web access. Perhaps I’ll blog about that soon — Canberra being in my opinion one of the nicest overlooked cities in the world — but that will have to wait. Going offline for a few days always brings a certain dread of what one’s inbox will hold when you get back, and this one was no exception. That’s because while I was watching the kids rolling down...
Tuesday, 24 February 2009
Over the past few weeks the Free Software Foundation has had its knickers in a twist about TLS authentication — specifically, its patent encumbrance; That patent in question is claimed by RedPhone Security. RedPhone has given a license to anyone who implements the protocol, but they still threaten to sue anyone that uses it. If our voice is strong enough, the IETF will not approve this standard on any level unless the patent threat is removed entirely with a...
Wednesday, 18 February 2009
Sometimes, it seems like every time somebody has a great idea for a new HTTP header, media type, or pretty much any other protocol element, they do the same thing. Rather than trying to figure out how to fit into how the rest of the world operates, getting adequate review and socialising their proposal, they just stick a bloody X- on the front and ship it. The IETF has no-one to blame but itself for this situation, of course....
Friday, 21 November 2008
There are lots of new “Web 2.0” specs emerging — many beginning with “o” — that are both exciting and concerning. Exciting because the Web is still evolving and still being applied to new problems, but concerning because the Web is big and has many moving parts. While it’s easy to design something new to address one use case or or set of interests, it’s much harder to make sure it works across the breadth of the Web and...
Thursday, 16 October 2008
Metadata discovery is a nagging problem that’s been hanging around the Web for a while. There have been a few stabs at this problem (including at least one by yours truly), but no real progress. This is both unfortunate and worrisome, because as the next generation of Web-based protocols informed by REST, Web 2.0 and the like roll out, they’re going to need a way to find and talk about metadata on the Web in an automated fashion. And...
Friday, 4 July 2008
Here’s a gem on a little-used mailing list: As most of you know, over the last several years fairly good progress has been made on standardizing Web services. Many Web services specifications have, in fact, been standardized in W3C (i.e. SOAP 1.2, WSDL 2.0, WS-Addressing, WS-Policy, etc). There is still some work to be done. Accessing data about a resource through Web services is an area of the Web services architecture that has yet to be fully realized. Some...
Thursday, 15 May 2008
Huh. The Atom Format RFC has been out for a while, and as one of the authors, I get the odd mail now and again asking a question or just saying “thanks.” In the last week or two, however, there’s been a bit of an uptick, and all of these e-mails contain the word “Astoria.” As a Unix/Open Source developer, it’s easy to forget that there’s a whole other world out there that’s much bigger than the one I live...
Wednesday, 2 April 2008
It’s become quite fashionable for large IT shops to give blanket Royalty-Free licenses for implementation of “core” technologies, such as XML, Web Services and Atom. I’ll refrain from linking to any of them, as the purpose of this post* is not to pick on any single one**. Rather, it’s to call attention to a blind spot. IT folk see these licenses, nod their heads and relief, and assume that all is well; they can use this technology in their...
Sunday, 17 February 2008
It’s 7am, I’m sitting in the Auckland Koru Club on my way home and reading the minor kerfuffle regarding PATCH with interest. For me, the critical difference between PATCH and POST is generality; PATCH is a generic method (as all good HTTP methods should be), while POST is not (the exception that proves the rule). As such, it should be possible to take a PATCH request and a current representation of the resource it’s being applied to and —...
Friday, 4 January 2008
The stale-while-revalidate and stale-if-error extensions aren’t the only fiddling we’ve been doing with the HTTP caching model. Now that Squid 2.7 is starting to see daylight, I can explain about a much more ambitious project — Cache Channels. In HTTP, there are generally two ways to keep something in a cache fresh; using a freshness lifetime (e.g., Cache-Control: max-age), and validation (e.g., If-Modified-Since). Together, they do a really good job of making the Web seem faster and reducing load...
Wednesday, 12 December 2007
We use caching extensively inside Yahoo! to improve scalability, latency and availability for back-end HTTP services, as I’ve discussed before. However, there are a few situations where the plain vanilla HTTP caching model doesn’t quite do the trick. Rather than come up with one-off solultions to our problems, we tried going in the other direction; finding the most general solution that still met our needs, in the hopes of meeting others’ as well. Here are two of them (with...
Sunday, 9 December 2007
I haven’t talked about it here much, but I’ve spent a fair amount of time over the last year and a half working with people in the IETF to get RFC2616 — the HTTP specification — revised. That effort reached a milestone last week when the HTTPbis Working Group had its first face-to-face meeting in Vancouver. It’s still early days, but we’ve already made good progress; based on what we saw in the room, for example, it looks like...
Saturday, 8 September 2007
Feed Paging and Archiving (nee Feed History) has finally made it to a standards-track RFC. For many non-traditional (read: non-blog) applications of Atom, I think archived feeds in particular are going to be vital. I’m already using it in some places which should be seeing the light of day before too long; e.g., sending events to HTTP caches — a problem space that people have been noodling on for a very long time indeed. I’m also hoping that blog...
Wednesday, 10 May 2006
Anne-Thomas Manes extolls the virtues of WS-*; The single, most important feature that inspires my enthusiasm about WS-* is that it has universal support from all the major vendors. Ah, there we are; major vendors. What she’s basically saying here is that if you’re silly enough to have invited one of these vampires into your home, you’ll have the option of selecting other vampires to replace them at will, and that your vampire will be able to talk with...
Thursday, 20 April 2006
Back at the W3C Technical Plenary, I argued that Working Groups need to concentrate on making more Web-friendly specifications. Here’s an example of one such lapse causing security problems on today’s Web. Safety in HTTP HTTP methods have a property known as safety; RFC2616 describes it in section 9.1.1; Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions...
Friday, 7 April 2006
It’s become axiomatic in some circles — especially in WS-* land, as well as in many other uses of XML — that the preferred (or only) means of offering extensibility is through URI-based namespaces, along with a flag to tell consumers when an extension needs to be understood (a.k.a. mustUnderstand). The reasoning is that extensibility should be as easy as possible. By leveraging one registry — DNS — you can use URIs to allow anyone to create your own...
Wednesday, 15 March 2006
Microsoft and friends (of the keep your enemy closer variety, I suspect) have submitted WS-Transfer to the W3C. I found the Team comment interesting; e.g., WS-Transfer can therefore be seen as an underlying protocol-independent version of HTTP, i.e. bringing the capabilities and properties of the Web and HTTP in contexts where HTTP is not used. The use of WS-Transfer is not limited to non-HTTP transports, and can also be used when HTTP is used as a communication tunnel. As...
Wednesday, 10 August 2005
For some time, I’ve noticed that people defining XML formats spend an inordinate amount of time talking about the structure of the format. This is especially apparent in standards working groups, where hours — no, days — can be spent agonizing over whether to make something an attribute or an element. Part of this is obviously stylistic; people have different thoughts on what makes good XML, and they’re fight the same battles over and over again. I’ve often thought...
Friday, 22 July 2005
Don Box (whose blog doesn’t seem to be taking comments any more, so I’ll do it over here) points out some very cool technology he’s using, Microsoft’s Office Communicator. Sounds very slick, I’m jealous (with my old tech phone line and last year’s GSM mobile)! I think it’s fair to give a nod to the standards that Communicator are built upon, SIP and SIMPLE. The fact is, this very cool technology demo wouldn’t even be a gleam in a...
Friday, 15 July 2005
It’s been covered before elsewhere, but just a friendly reminder: ‘feed’ URIs are bad for the Web, as are any that are used solely for dispatch (e.g., ‘itms’, ‘pcast’). I’m looking at you, Apple. Interestingly, Apple also supports doing Web dispatch the right way; with media types. I know this because going to my test page — a zero-length file with a generic extension, but a ‘application/atom+xml’ media type — gets dispatched to my RSS reader in Safari on...
Monday, 27 June 2005
I don’t talk much about it here, but I’m honoured to be the Chair of the W3C Web Services Addressing Working Group. This is something of an experiment for the W3C, so I gave an update on its progress as part of a panel discussion at the Advisory Committee meeting a few weeks ago. I’d like to share some of what I presented there. What’s the Experiment? Standards can be developed in many ways. The W3C, historically, has had...
Monday, 7 February 2005
Werner makes an excellent point; [W]e need to continue to take care that we do not consider The Model to be The Truth. The web based internet is a massive organic process that is similar to Nature, and we can develop models to observe its phenomena. We can use these models to build our tools on, but we have keep in mind that we cannot use the model force the organic process to behave the way we want it...
Monday, 24 January 2005
I’m intrigued by the JSON effort. While many people (and vendors) have chosen XML for data interchange because it’s not platform- or vendor-specific, these folks have chosen the other path; by leveraging the serialisation of data structures in ECMAScript (nee JavaScript) — a nearly ubiquitous language, on every desktop that has a browser — they get an automatic installed base and at least one API for free. Then, by defining mappings to other languages (e.g., Java, Perl and C#;...
Sunday, 23 January 2005
There are MEPs in SOAP and MEPs in WSDL. WS-Addressing doesn't have MEPs, but it does allow you to create patterns of messages.Meanwhile, SOAP has bindings and WSDL has bindings, and WS-Addressing have bindings too. But, a SOAP binding binds an underlying transport, a WSDL binding binds an abstract interface, and an Addressing binding binds abstract properties.That's not the properties in SOAP, by the way, which aren't exactly the same as the properties in WSDL.
Wednesday, 19 January 2005
More than a year after my modest suggestion, Google takes a step to fix comment spam. Hopefully, other people who re-publish Web content (like mailing list archives) will start doing this as well. Perhaps the most interesting thing about this was how it was done. Google has added an HTML rel attribute value unilaterally (OK, they did co-ordinate with a few blog product vendors). Is this a good or a bad thing? The “right” way to add a rel...
Wednesday, 8 September 2004
An update to the Internet-Draft that provides initial values for the HTTP Header Message Registries is now available.
Thursday, 2 September 2004
...I have learned that to be right and useful, one must accept a continuing divergence between approved belief -- what I have elsewhere called conventional wisdom -- and the reality. And in the end, not surprisingly, it is the reality that counts.-- John Kenneth Galbraith, "The Economics of Innocent Fraud"I'm just starting this book, but it's pretty thought-provoking so far.
Saturday, 23 August 2003
I've had a fairly large and annoying bee in my bonnet for the past few months, regarding media type registration. It started buzzing when I tried (and failed) to register a media type for RSS, and has continued to grow as I attempt to do the same for SOAP, on behalf of the XML Protocol Working Group. Those who defend the registration process (as embodied in RFC2048) will say that it accommodates a number of scenarios, and is adequate...
Sunday, 22 June 2003
Looks like a good to-read list: John Beatty: Economics of Standards (via John Beatty, one of my fellow BEA-ers; hi John!)...
Wednesday, 28 May 2003
I agree with just about everything that Jim Waldo says here (at least for protocol standards). Well said!...
Sunday, 10 November 2002
Finally, the IESG puts its money where its mouth is; this tool allows you to see the status and individual AD's comments about a particular I-D. It's only a start, but at least you have some idea of what's going on, instead of being left out in the cold....
