mnot’s blog

“Design depends largely on constraints.” — Charles Eames

Protocol Design

Saturday, 4 January 2014

Strengthening HTTP: A Personal View

Recently, one of the hottest topics in the Internet protocol community has been whether the newest version of the Web’s protocol, HTTP/2, will require, encourage or indeed say anything about the use of encryption in response to the pervasive monitoring attacks revealed to the world by Edward Snowden.

Friday, 21 June 2013

A Few Thoughts about PRISM

The NSA PRISM story broke while I was on the road; last week I was in Tokyo for W3C meetings, moving to San Francisco for a HTTP meeting and Velocity.

Wednesday, 15 May 2013

Indicating Problems in HTTP APIs

A common part of HTTP-based APIs is telling the client that something has gone wrong. Most APIs do this in some fashion, whether they call it a “Fault” (very SOAP-y), “Error” or whatever.

Friday, 4 January 2013

Exploring Header Compression in HTTP/2.0

One of the major mechanisms proposed by SPDY for use in HTTP/2.0 is header compression. This is motivated by a number of things, but heavy in the mix is the combination of having more and more requests in a page, and the increasing use of mobile, where every packet is, well, precious. Compressing headers (separately from message bodies) both reduces the overhead of additional requests and of introducing new headers. To illustrate this, Patrick put together a synthetic test that showed that a set of 83 requests for assets on a page (very common these days) could be compressed down to just one round trip – a huge win (especially for mobile). You can also see the potential wins in the illustration that I used in my Velocity Europe talk.

Tuesday, 18 December 2012

"Why Don't You Just…"

A proposal by John Graham-Cumming is currently doing the rounds:

Tuesday, 4 December 2012

Evolving HTTP APIs

One of the most vexing problems that still seems to be facing people when I talk to them about HTTP APIs is how to handle versioning and extensibility – i.e., how they evolve.

Monday, 29 October 2012

OPTIONS is Not the Method You're Looking For

Once in a while, people ask me whether they should use the OPTIONS HTTP method, and whether we should try to define formats for discovering resource capabilities with it.

Wednesday, 5 September 2012

Why PATCH is Good for Your HTTP API

A common problem for APIs is partial update; when the client wants to change just one part of a resource’s state. For example, imagine that you’ve got a JSON representation of your widget resource that looks like:

Wednesday, 11 July 2012

Bad HTTP API Smells: Version Headers

One thing I didn’t cover in my previous rant on HTTP API versioning is an anti-pattern that I’m seeing a disturbing number of APIs adopt; using a HTTP header to indicate the overall version of the API in use. Examples include CIMI, CDMI, GData and I’m sure many more.

Monday, 25 June 2012

HTTP API Complexity

@dret: if your scenario is homogeneous and models are harmonized across participants, #REST is of limited utility for you.

Tuesday, 17 April 2012


Erik Wilde - otherwise known as dret - has published an Internet-Draft for a “profile” link relation type:

Tuesday, 25 October 2011

Web API Versioning Smackdown

A lot of bits have been used over on the OpenStack list recently about versioning the HTTP APIs they provide.

Wednesday, 12 October 2011

Thinking about Namespaces in JSON

Since joining Rackspace to help out with OpenStack, one of the hot topics of conversation I’ve been involved in has been extensibility and versioning.

Wednesday, 24 August 2011

Distributed Hungarian Notation doesn't Work

It used to be that when you registered a media type, a URI scheme, a HTTP header or another protocol element on the Internet, it was an opaque string that was a unique identifier, nothing more.

Friday, 23 July 2010

Thou Shalt Use TLS?

Since SPDY has surfaced, one of the oft-repeated topics has been its use of TLS; namely that the SPDY guys have said that they’ll require all traffic to go over it. Mike Belshe dives into all of the details in a new blog entry, but his summary is simple: “users want it.”

Wednesday, 5 May 2010

Thoughts on Archiving HTTP

Steve Souders and others have been working for a while on HAR, a HTTP Archive format.

Thursday, 18 February 2010

Are Resource Packages a Good Idea?

Resource Packages is an interesting proposal from Mozilla folks for binding together bunches of related data (e.g., CSS files, JavaScript and images) and sending it in one HTTP response, rather than many, as browsers typically do.

Friday, 15 January 2010

WS-REST (heh, heh)

If you haven’t seen it already, check out the Call for Papers for the First International Workshop on RESTful Design (WS-REST 2010), where I’m on the program committee, along with many of the usual suspects.

Friday, 13 November 2009

Will HTTP/2.0 Happen After All?

A couple of nights ago, I had a casual chat with Google’s Mike Belshe, who gave me a preview of how their “Let’s make the Web faster” effort looks at HTTP itself.

Wednesday, 18 February 2009

Stop it with the X- Already!

UPDATE: RFC6648 is now the official word on this topic.

Thursday, 20 March 2008

Moving Beyond Methods in REST

Having complained before about the sad state of HTTP APIs, I’m somewhat happy to say that people seem to be getting it, producing more capable server-side and client-side tools for exposing the full range of the protocol; some frameworks are even starting to align object models with resource models, where HTTP methods map to method calls on things with identity. Good stuff.

Monday, 3 March 2008


Not many people that I know outside of IETF circles realise that a new *DAV effort has started up; CardDAV.

Sunday, 17 February 2008


It’s 7am, I’m sitting in the Auckland Koru Club on my way home and reading the minor kerfuffle regarding PATCH with interest.

Wednesday, 6 February 2008

Another Kind of HTTP Negotiation

Here’s one that I’ve been wondering about for a while, for the LazyWeb (HTTP Geek Edition);

Monday, 21 January 2008

Watching WADL (and other rambling thoughts)

I’m following the discussion of RESTful Web description in general, and WADL in particular, with both difficulty and interest (see Patrick and Joe’s thoughts for a nice contrast).

Wednesday, 12 December 2007

Two HTTP Caching Extensions

We use caching extensively inside Yahoo! to improve scalability, latency and availability for back-end HTTP services, as I’ve discussed before.

Tuesday, 7 August 2007

ETags, ETags, ETags

I’ve been hoping to avoid this, but ETags seem to be popping up more and more often recently. For whatever reason, people latch onto them as a litmus test for RESTfulness, as the defining factor of HTTP’s caching model, and much more.

Saturday, 28 July 2007

URI Templates Redux

URI Templates -01 is now an Internet-Draft.

Thursday, 10 May 2007

Intelligent Design, Eames-Style

For a while, I’ve had the fairly well-known Charles Eames quote “Design depends largely on constraints” as the tagline on my blog (if you read this in a feed aggregator, you’ll have to go to one of the HTML pages to see it).

Thursday, 20 April 2006

DOM vs. Web

Back at the W3C Technical Plenary, I argued that Working Groups need to concentrate on making more Web-friendly specifications. Here’s an example of one such lapse causing security problems on today’s Web.

Friday, 7 April 2006

Are Namespaces (and mU) Necessary?

It’s become axiomatic in some circles — especially in WS-* land, as well as in many other uses of XML — that the preferred (or only) means of offering extensibility is through URI-based namespaces, along with a flag to tell consumers when an extension needs to be understood (a.k.a. mustUnderstand).

Monday, 7 November 2005

REST vs..?

More and more people are getting turned on to the advantages of using REST as a higher-level abstraction for networked applications, often comparing it favourably to SOAP and Web services.

Saturday, 22 October 2005

Why Just GET and POST?

Why is it that Web browsers — Amaya excluded — don’t support PUT and DELETE? After all, if there are enough VCs foolish enough to part with their money for something like Flock, surely we could at least support all of HTTP’s methods.

Friday, 8 July 2005

One Description to Bind them All? Nah.

You can describe just about anything with sufficient precision in plain English, given enough words. In practice, this doesn’t happen; specialised fields — whether science, finance or art — develop specialised jargon as a shorthand for concepts that are well-understood in that field. It gives greater precision, easier flow of ideas, and yes, it raises the bar to entry for newcomers.

Sunday, 22 May 2005

Prefetching (again)

There’s been quite a kerfuffle over Google’s Web Accelerator, because it prefetches Web content.

Monday, 21 March 2005


A while back, I wrote up a description of a pattern for avoiding messages like “click submit only once.” I didn’t do much after that, because I’ve been a bit busy, and because I wanted to do some implementation of a more general HTTP framework before I wrote a more formal document.

Wednesday, 2 March 2005

Using XML in Data-Oriented Applications

So, you’ve got some data that you need to give to somebody else, and you want to use XML to do it; good for you, you’ve seen the light / hopped on the bandwagon / drunk the Kool-Aid.

Sunday, 10 October 2004

Why POST is Special

In a recent post, Don gave his take on the enlightening nature of WS-Transfer;

Thursday, 19 August 2004

On Jargon and Applicability

Alfred Marshall, who is credited with turning economics from a sideline to a proper discipline of its own, had this to say:

Thursday, 5 August 2004

The ‘Document’ in Document-Oriented Messaging

(Another instalment in “XML Heresies.”)

Wednesday, 30 June 2004

SOAP: Protocol or Format?

Way back when the XML Protocol Working Group started kicking around, Henrik and I had a long-running, low-level “discussion” about whether SOAP was a protocol or a format.

Monday, 14 June 2004

Use Cases for Web Description Formats

One thing about Web description formats that hasn’t seen much discussion yet is how people intend to use them.

Friday, 28 May 2004

XML Infoset, RDF and Data Modelling

I’ve been talking with a few people about my previous assertion that the Infoset is a bad abstraction for data modelling, and my subsequent post about the informational properties of the Infoset.

Wednesday, 12 May 2004

Informational Properties of Infosets

Recently, I’ve been thinking about the influences that using the Infoset has on the information you place in it.

Wednesday, 5 May 2004


Without pointing fingers, some people have a bee in their collective bonnet about the dangers of allowing binary content to be represented in XML, care of XOP. Others are up in arms about re-inventing HTTP in SOAP, courtesy of the Representation Header. Both of these are products of the XML Protocol WG, of which I’m a member, so I’d like to share my viewpoint (which is not that of either my employer nor the working group, etc., ad nauseam).

Saturday, 1 May 2004

Stupid Compression Tricks

I’m watching a company called Riverbed with interest, because they just released a new product, “Steelhead”. In a nutshell, it’s IP datagram compression done with a shared, dynamic dictionary.

Tuesday, 27 April 2004

Using WebDAV as a Description Format for REST

In the past, I’ve talked about reusing WSDL as a format for describing Web resources, as well as coming up with a bespoke format.

Tuesday, 27 April 2004

How do we use SOAP Headers?

Way back when in the XML Protocol Working Group, one of the concerns that came up was the processing model for SOAP headers. In particular, while SOAP 1.2 does a good job of specifying how that model operates, a key piece of information is missing; how to order the steps in processing a message.

Tuesday, 20 April 2004

Sean’s Words of Wisdom

Sean McGrath always has carefully considered positions, and he hits it out of the ballpark with this one. A few thoughts;

Monday, 19 April 2004

Asynchrony: There Is No Spoon

One of the things that people find compelling about Web services is its promise of asynchrony. “HTTP is only request/response, and therefore synchronous; it’s terrible for long-lived business processes, where the server needs to contact the client at some arbitrary time in the future” they say.

Friday, 16 April 2004

Describing Generative Identifiers in WSDL

To use WSDL to describe RESTful interactions, you need some way of accommodating generative resource identifiers. In a nutshell, this means some part of the URI is dynamic. For example, with HTTP I might describe an address book where someone named “Jones” has a corresponding entry URI;

Thursday, 15 April 2004

Five Favourite Protocol Design Papers

Lots of papers come and go over the years; take a look at any tech conference, online bibliographies (even subject-specific ones; Webbib is a favourite), and you’ll be inundated.

Wednesday, 14 April 2004

A(nother) Description Format for REST

I’ve talked before about describing RESTful Web resources, going as far as prototyping a new format. That work was predicated on the assumption that WSDL wasn’t adequate.

Saturday, 7 February 2004

Messages vs. Files

Jon Udell is thinking about the benefits of data being globally available, rather than localised to a machine. I’m in complete agreement; in the last two years, I’ve used Linux, Windows and Mac OSX on the desktop, leading me to be ruthless about data portability.

Monday, 12 January 2004

Decentralised Registration

Wouldn’t it be great if, whenever a business, government organization or just the guy down the block came up with a new format for their documents, they could easily get a media type, so that the format would be a first-class citizen on the Web?

Saturday, 3 January 2004

Extensibility and Interoperability

In his blog, Sean McGrath wonders about two potentially competing faces of standards; extensibility and interoperability.

Friday, 3 October 2003

Loose Coupling, Late Binding and REST

Mark Baker says that REST is SOA + late binding. While I see the truth in this, I think it’s pretty orthogonal, and it’s not that compelling for most SOAish folks.

Saturday, 13 September 2003

Click Submit Only Once

I shudder when I see these words. Everyone I’ve asked has, at least once, gotten two orders of something online (personally, I’ve had the SonyEricsson store ship three duplicate orders); “Click Submit Only Once” is intended to stop that. The problem is, it puts me and every other shopper between a rock and a hard place.

Tuesday, 24 June 2003

Bees and Ants

The W3C Semantic Web wiki has an entry called ‘BeesAndAnts’ that very effectively conveys something that I’ve been trying to articulate for a while (and, as usual, failing). It’s not about the Semantic Web in my mind, so much as it’s about REST and Web Services (which means that there’s something to this Web architecture stuff yet, I think).

Tuesday, 20 August 2002

Don Box on Tolerance

Don talks about the evils of tolerance in receiving implementations, and I say Amen, brother! Preach! The classic approach works when there are relatively few implementers; however, when the whole world implements a protocol (whether it’s SOAP or HTML or whatever), you’re asking for trouble if you allow too generously.
