OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] MS thinks HTTP Needs Replacing???

[ Lists Home | Date Index | Thread Index ]

[Michael Brennan]

> > From: Thomas B. Passin [mailto:tpassin@comcast.net]
> > For example, if you requested a transaction at
> >
> > http://www.illustations.com/bookstore/the_latest_book
> >
> > you might be informed to look for your results (tracking
> > notification for
> > the shipment, perhaps) at
> >
> > http://www.illustations.com/bookstore/the_latest_book/shipment
> > /some_tracking
> > _number
> > (This certainly should count as a "subsidiary" resource)
> > If the server cannot return a response immediately, then, it fits the
> > concept of operations for the server to return a CREATED message that
> > when it expects the new resource to contain the data, and what url it
> > be at.  The requestor can then GET that resource whenever it desires,
> > checking to see if it has been completed yet.
> Yes, I've heard this mentioned before. This is an intriguing approach. I
> also saw someone mention in a post (was it on the rest-discuss list? I
> find it now) that it is reasonable to return a 202 Accepted status. Is
> compatible with the approach of returning a location for a created
> or do I need to return a CREATED status for that? (I was thinking about
> just last night, and I'm fuzzy on this.)
Well, if the server created a new resource, you probably want it to inform
you so you can access it.  From RFC 2616 (talking about POST requests):

"If a resource has been created on the origin server, the response
   SHOULD be 201 (Created) and contain an entity which describes the
   status of the request and refers to the new resource, and a Location
   header (see section 14.30)."

This is just what we need for asynchronous operation. A 202 would be OK
except that it gives you no information about any new resource. If no new
"subordinate" resource was created, the RFC says:

"The action performed by the POST method might not result in a
   resource that can be identified by a URI. In this case, either 200
   (OK) or 204 (No Content) is the appropriate response status,
   depending on whether or not the response includes an entity that
   describes the result."

> However, there are still instances where you just need a synchronous
> One scenario I can think of is authenticating a user against a remote
> service. We do single sign-on with remote portals routinely. In such
> deployments, when the user tries to access our software and they have not
> been authenticated, we will authenticate them using the remote service
> before allowing entry. We obviously can't do this in an async fashion.
> (Currently, we typically do this with browser redirects and unique URIs
> encrypted tokens. But there is a need to do this sometimes with XML
> messaging, as well.)
It seems to me that when you need a synchronous reply, you just operate as
usual, like you are already doing, since the basic HTTP operation is


Tom P


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS